AvePoint Perimeter Administrator Guide

Transcription

1 AvePint Perimeter Administratr Guide Issued February 2018

2 Table f Cntents What s New in this Guide Abut AvePint Perimeter AvePint Perimeter Pr Features Licensing AvePint Perimeter Installing AvePint Perimeter AvePint Perimeter System Cmpnents Overview AvePint Perimeter Manager AvePint Perimeter Agent AvePint Perimeter Gateway AvePint Perimeter External Prtal Integrating Perimeter External Prtal with SAP Jam Grup Installatin and Publishing Scenaris fr the External Prtal and Gateway AvePint Perimeter WOPI Hst Server AvePint Perimeter Secured Share Slutin AvePint Perimeter Gelcatin Database Installatin Scenaris fr the Gelcatin Database Permissin Requirements Permissin Requirements fr AvePint Perimeter Manager Permissin Requirements fr Installing AvePint Perimeter Manager Permissin Requirements fr Lgging int AvePint Perimeter Manager Permissin Requirements fr AvePint Perimeter Agent Permissin Requirements fr AvePint Perimeter External Prtal and Gateway Permissin Requirements fr Lgging int AvePint Perimeter External Prtal Permissin Requirements fr Gelcatin Database Permissin Requirements fr AvePint WOPI Hst Server System Requirements Supprted Envirnments AvePint Perimeter Manager Server Requirements Cnfiguring Yur Firewall t Allw Push Ntificatins AvePint Perimeter External Prtal and Gateway Server Requirements

3 AvePint Perimeter Gelcatin Database Server and Installatin Wizard System Requirements SQL Server Requirements fr AvePint Perimeter Databases AvePint Perimeter WOPI Hst Server System Requirements AvePint Perimeter Agent Server Installatin Requirements Where t Install AvePint Perimeter Agents AvePint Perimeter Agent Server Requirements End-User Devices Supprted by AvePint Perimeter Supprted Brwsers Supprted Brwsers fr AvePint Perimeter Manager Supprted Brwsers fr AvePint Perimeter Internal Prtal and AvePint Perimeter External Prtal. 34 Supprted File Types fr Online Viewing n the AvePint Perimeter Internal Prtal and External Prtal 35 AvePint Perimeter Installatin Overview Purchased Versins f Perimeter Trial Versins f Perimeter Installing AvePint Perimeter Manager Installing AvePint Perimeter Agents Mdifying Perimeter Agent Cnfiguratins Installing AvePint Perimeter External Prtal and Gateway Applying and Publishing the External Prtal and Gateway Publishing the External Prtal and Gateway Directly Publishing the External Prtal and Gateway via Reverse Prxy Installing Gelcatin Database (ptinal) Installing AvePint Perimeter WOPI Hst Server Setting Up Yur Firewall t Unblck Specific Prts Cnfiguring the Integratin f the External Prtal and SAP Jam Grup Updating Database Credentials Islating SharePint Web Frnt-End Server frm Perimeter External Prtal and Gateway Server Updating AvePint Perimeter Befre Getting Started with the Update Updating AvePint Perimeter Manager and Agent Cmpnents Using the Perimeter Upgrade Slutin Launching the Perimeter Upgrade Slutin

4 Running the Requirement Pre-Scan Cnfiguring Service Cnnectin Cnfiguring Update Settings Updating Services Viewing Update Histry Updating AvePint Perimeter Pr Secured Share Slutin Lgging int AvePint Perimeter Management Cnsle fr the First Time Changing Yur Passwrd Remembering the Lgin Credentials fr Autmatic Sign-In Overview f the Cnfiguratins in the AvePint Perimeter Management Cnsle Cnfiguring Perimeter General Settings Cnfiguring Perimeter Secure Share Pr Features Cnfiguring Cntent Access Cntrl t SharePint Sites Deplying and Activating the AvePint Perimeter Secured Share Feature Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2016 Farm Deplying the AvePint Perimeter Secure Share Slutin n a SharePint 2013 Farm Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2010 Farm Activating the AvePint Perimeter Secured Share Feature Activating the AvePint Perimeter Secured Share Feature in Site Settings Activating the AvePint Perimeter Secured Share Feature Using SharePint Management Shell Cmmand Lines Dashbard Interface Viewing All Access Lgs Viewing Internal Users Last Lcatins Viewing Access Lgs Per Platfrm (Last 7 Days) Viewing All Internal Devices Viewing External Users Last Lcatins Viewing All External Devices Cnfigure Menu Cnfiguring System Settings Using Agent Mnitr Cnfiguring Gelcatin Database Cnnectin

5 Cnfiguring IP Lcatin Database Using License Manager Cnfiguring External User Passwrd Plicy Cnfiguring Admin Accunts Managing Permissin Levels Managing Admin Grups Managing Admin Users Cnfiguring Secured Share Cnfiguring System Credentials Cnfiguring Shared File Lcatin Cnfiguring Office Web Apps Server Settings Cnfiguring Secure Share Cntrl Plicy Enabling SharePint Permissins t Grant the Available Permissin Levels Cnfiguring Watermark Settings Cnfiguring Cntent Access Cntrl fr Secure Share Cnfiguring Secure Share Optins and Custmizatins Sending Secured Share Ntificatin as the Shared by User Enabling Update Ntificatin Custmizing the Threshld fr Sending Reminder Ntificatins fr Lcked Shared Files n the External Prtal Allwing Users that are nt Shared With t Sign Up t the External Prtal Defining the Default Expiratin Duratin fr Secure Share via CONFIG File Disabling Internal Users t Share Annymus Access r Passcde-Verified Access Defining the Minimum Interval fr Sending a One-Time Access Passcde Deleting Shared Items Permanently Cnfiguring Applicatin Settings Cnfiguring General Settings Cnfiguring Ntificatin Settings Cnfiguring ADFS Authenticatin Cnfiguring Accunt Lckut Plicy Lg Manager Cnfiguring Mnitring Settings

6 Mnitring Timer Jb Definitin Mnitring Timer Jb Status Cnfiguring Windws Phne Lg Lcatin Jb Mnitr Interface Mnitring User Activity and Lcatins via Burglar Alarm Rules Types f Burglar Alarm Rules Cnfiguring SharePint Audit Settings fr Dcument Activity Rules at the Web Applicatin r Site Cllectin Level Disabling All SharePint Audit Events Inheriting and Stp Inheriting f SharePint Audit Settings Retrieving Audit Data fr Dcument Activity Rules Cnfiguring Audit Retrieval Settings fr a Farm Manually Retrieving Data frm a Farm Cnfiguring Filter Rules fr Excluding Specific Audit Data Cnfiguring Dcument Activity Cllectins Editing a Dcument Activity Cllectin Deleting Dcument Activity Cllectins Cnfiguring and Applying Burglar Alarm Rules Creating r Editing Burglar Alarm Rules Manage Menu Enrlling a Device Sending an Individual Device Enrllment Request Sending Device Enrllment Requests in Bulk Managing Enrllment Requests End-User Device Enrllment Managing Enrlled Devices Managing the Status f Enrlled Devices Viewing Enrlled Devices Details Deleting Enrlled Devices Publishing SharePint Sites fr Accessing via Enrlled Devices Managing Device Grups Cnfiguring Site Access Permissin fr Enrlled Devices

7 Cnfiguring Cntent Access Cntrl fr SharePint Cntent via Any Devices Cnfiguring Lcatin Grups Cnfiguring Lcatins Cnfiguring Cntent Access Plicies Managing Internal Users Viewing User Details Synchrnizing Active Directry Users Managing External Users Adding External Users Viewing User Details Editing an External User Prfile Managing the Status f External Users Managing Lgin Accunts Viewing Lgin Accunt Details Assigning a User fr Lgin Accunts Sharing Files with Grups f Users via Virtual Views Managing User Access Grups Cnfiguring Virtual Views fr Sharing Files in Bulk Sharing Virtual Views with User Access Grups Managing Shared Files Viewing Sharing Histry Viewing Dcument Usage Changing Shared Permissin Settings Remving Users Shared Permissins Custmizing the Size f the Online Read DWG File Reprt Menu Access Pints Viewing Access Pints Reprt Access Lgs Viewing Access Lgs Event Lgs Viewing Event Lgs

8 Exprting Event Lgs Access Vilatin Lgs Viewing Access Vilatin Lgs Exprting Access Vilatin Lgs Access Warning Lgs Viewing Access Warning Lgs Exprting Access Warning Lgs Factr Authenticatin Lgs Viewing 2-Factr Authenticatin Lgs Exprting 2-Factr Authenticatin Lgs Burglar Alarm Reprt Viewing Burglar Alarm Reprt Exprting Burglar Alarm Reprt Daily Audit Tracking Viewing Daily Audit Tracking Reprt Exprting Daily Audit Tracking Reprt Advanced Search Uninstalling AvePint Perimeter Uninstalling AvePint Perimeter Manager Uninstalling External Prtal and Gateway Uninstalling AvePint Perimeter WOPI Hst Server Uninstalling AvePint Perimeter Agents Uninstalling the AvePint Perimeter App frm Yur Device Appendix A: Publishing the External Prtal and Gateway Publishing the External Prtal and Gateway Directly Publishing the External Prtal and Gateway via Reverse Prxy Cnfiguring the Reverse Prxy fr the External Prtal and Gateway Overview Installing Applicatin Request Ruting Feature and URL Rewrite Feature Creating the Reverse Prxy s Website and Mdifying the Web.cnfig File Disabling IIS Cmpressin Exprting and Imprting the AvePint Perimeter Certificate Verifying the External and Gateway Server Certificate

9 Appendix B: AvePint Perimeter and Lcatin Data Hw is the Lcatin Services feature used? What lcatin data is btained and when is it btained? What des Perimeter d with the lcatin data? Hw lng des Perimeter keep the lcatin data? Hw d I secure this data n the backend? Appendix C: Custmizing AvePint Perimeter Templates, Display Language, Web Pages, and Prtals Custmizing Templates Custmizing the Lg Image f Templates Custmizing Text and Link URL f the Text in Templates Custmizing the Lk and Feel f Templates Custmizing the Display Language Custmizing the Lk and Feel f Web Pages Custmizing the Lk and Feel f Web Pages fr SharePint On-Premises Sites Custmizing the Lk and Feel f Web Pages fr ADFS Authenticated Sites Custmizing Pictures in Web Pages Custmizing the Lk and Feel f the Perimeter Management Cnsle and Internal Prtal Lgin Page Custmizing the Lk and Feel f the Perimeter External Prtal Lgin Page Ntices and Cpyright Infrmatin

10 What s New in this Guide Added the fllwing cnfiguratins in the AppSettings.cnfig file. The ptin t allw internal users t share annymus access r passcdeverified access t SharePint cntent via Secure Share. Fr detailed instructins, refer t the Disabling Internal Users t Share Annymus Access r Passcde- Verified Access sectin. The deletin peratin can nw be defined fr users wh are granted the Delete permissin t shared items. T permanently delete shared items when deleting, refer t Deleting Shared Items Permanently. 10

11 Abut AvePint Perimeter AvePint Perimeter prvides enterprise users with secure cntent access t SharePint and file system assets frm ios devices (ipad, iphne, r ipd Tuch) r Andrid devices. This applicatin wrks with the n-site AvePint Perimeter Manager t allw secure ffline viewing f SharePint cntent frm every endpint. In additin, AvePint Perimeter prvides lcatin/ip-based cntrls ver cntent access t ensure that dcuments are nly accessed frm knwn r trusted lcatins and IP addresses, and uses ios/andrid/windws Phne built-in Lcatin Services features t prvide pinpint accuracy t the user s lcatin. The applicatin prvides bth 2-factr authenticatin by using a QR Cde r access passwrd and annymus access t trusted users withut the need fr Active Directry (AD) r SharePint accunts. AvePint Perimeter Pr Features AvePint Perimeter Pr ffers tw additinal features ver AvePint Perimeter: AvePint Perimeter Secured Share and Virtual Views. Internal users can use the AvePint Perimeter Secured Share feature t share files, flders, and libraries within SharePint sites and cnfigure permissin cntrls fr the shared dcuments. The peple with whm the files are shared can view the shared files, flders, and libraries via AvePint Perimeter External Prtal r enrlled ios/andrid devices, edit shared files, synchrnize the mdified shared files back t the riginal files in SharePint, and uplad new files t shared flders r libraries in the AvePint Perimeter External Prtal. Additinally, Perimeter administratrs can set up Cntent Access Cntrl fr Secure Share in the Perimeter Management Cnsle t allw r deny internal/external user access t the shared cntent thrugh Perimeter Prtals r mbile devices by cnfiguring the lcatin r IP address rules. Internal users can manage the files they share via the AvePint Perimeter Internal Prtal. Als, in AvePint Perimeter Manager, administratrs can manage all f the files shared thrugh the AvePint Perimeter Secured Share feature and can share files based n predefined criteria with grups f users via the Virtual Views feature. Refer t the Cnfiguring Perimeter Secure Share Pr Features sectin fr a brief verview f deplying and using Perimeter Pr features. Licensing AvePint Perimeter AvePint Perimeter (purchased r trial versins) autmatically cmes with a 30-day license fr all features, including Perimeter Pr features, upn cmpletin f the installatin. When this 30-day license expires, a pp-up windw appears t infrm yu that the license has expired and includes a link t the License Manager. At this pint, yu can nly navigate t License Manager by clicking the URL in the pp-up windw; yu are nt able t access any ther interface in the Perimeter Manager until yu apply a new valid license. Fr detailed infrmatin n applying a license, refer t Imprting and Exprting 11

12 License Files. T purchase a new license, cntact yur AvePint accunt representative r visit the AvePint website fr mre infrmatin. *Nte: If applying a Perimeter Pr license t take advantage f Perimeter Pr features (AvePint Perimeter Secured Share and Virtual Views), ensure that the Secured Share field is Yes in the License Manager interface after yu apply yur license. *Nte: Even with an expired Perimeter Manager license, all f the AvePint Perimeter mbile apps within this Perimeter management system will still wrk prperly, as will all previusly cnfigured cntent access plicies. Hwever, system administratrs cannt view r manage enrlled devices, r share files via the Virtual Views feature, nr can they view end-user access t SharePint sites via the Perimeter Manager. Lastly, new end-users cannt enrll their mbile devices r share SharePint files using the AvePint Perimeter Secured Share feature. Installing AvePint Perimeter The steps fr installing AvePint Perimeter depend upn the type f versin yu chse t install, a purchased versin f Perimeter r a trial versin f Perimeter. Users installing a trial versin f AvePint Perimeter will take slightly different steps t install than thse wh have purchased the prduct. Users wh install a trial versin will have Perimeter up and running quickly in their envirnment, hwever this is nt the mst secure r AvePint recmmended methd f installatin. Fr detailed infrmatin n the different ways yu can install AvePint Perimeter, refer t AvePint Perimeter Installatin Overview and Installing AvePint Perimeter. 12

13 AvePint Perimeter System Cmpnents Overview The AvePint Perimeter management system cnsists f the fllwing cmpnents: Manager, Gateway, External Prtal, Gelcatin Database, WOPI Hst Server, Agent, and Secured Share slutin. Belw are detailed architectural diagrams that utline the wrkflw prcesses fr the fllwing Perimeter System cmpnents: Internal/External user access t Perimeter thrugh secured share, prts used by Perimeter fr installatin alngside Active Directry and Exchange, prts used fr Perimeter t and frm the Internet and Perimeter s mbile device interactin framewrk. Figure 1: Architectural diagram fr Perimeter Secured Share feature. 13

14 Figure 2: Prts used by Perimeter fr installatin alngside Active Directry and Exchange. 14

15 Figure 3: Prts used fr Perimeter t and frm the Internet. *Nte: The prts used by Perimeter must be unblcked by yur firewall after all f the Perimeter cmpnents have been installed. Fr details, refer t Setting Up Yur Firewall t Unblck Specific Prts. If yu d nt want t allw the SharePint Web frnt-end server t receive requests frm the Perimeter External Prtal & Gateway, yu can blck their cmmunicatin and use the Perimeter Manager & Internal Prtal t cmmunicate with the SharePint server. T islate the SharePint Web frnt-end server frm Perimeter External Prtal & Gateway, refer t Islating SharePint Web Frnt-End Server frm Perimeter External Prtal and Gateway Server. 15

16 Figure 4: Mbile device interactin framewrk. AvePint Perimeter Manager The AvePint Perimeter Manager cnsists f the AvePint Perimeter Manager Service and tw cmpnents: the Management Cnsle and the Internal Prtal. Using the Management Cnsle, Perimeter Administratrs manage all f the settings and peratins acrss the Perimeter management system. Perimeter Administratrs als manage all f the files shared thrugh the AvePint Perimeter Secured Share feature and share files with grups f users based n predefined criteria. 16

17 Using the Internal Prtal, the internal users f yur rganizatin manage the SharePint files, flders, and libraries they share via the AvePint Perimeter Secured Share feature. Site cllectin administratrs can view and manage all f the shared files, flders, and libraries within their site cllectins. All f the Perimeter Agents can cmmunicate with the Manager thrugh the Manager Service, therefre the server where yu install the Manager must be accessible by the all f the Agent servers. Refer t AvePint Perimeter Manager Server Requirements fr system requirements f the Manager. AvePint Perimeter Agent The AvePint Perimeter Agent runs the AvePint Perimeter Agent Service. An AvePint Perimeter Agent cmmunicates with SharePint/Active Directry Federatin Services (ADFS) servers based n the cmmands it receives frm the Perimeter Manager Service. Refer t AvePint Perimeter Agent Server Installatin Requirements fr the system requirements fr the Agent. AvePint Perimeter Gateway The AvePint Perimeter mbile app cmmunicates with the AvePint Perimeter Manager via the Gateway. T enable cmmunicatin between the mbile app and the Perimeter Manager, the IIS website cntaining the Gateway needs t be published t the Internet t allw fr mbile device access. Refer t AvePint Perimeter External Prtal and Gateway Server Requirements fr system requirements fr the Gateway. Fr details n the cnfiguratin methds fr installing and publishing the Gateway, refer t Installatin and Publishing Scenaris fr the External Prtal and Gateway. AvePint Perimeter External Prtal Using the AvePint Perimeter Secured Share feature, internal users f yur rganizatin can share SharePint files, flders, and libraries with internal users within the rganizatin r external users utside f the rganizatin. Als, administratrs can share files with bth internal users and external users thrugh the Perimeter Manager. After the files are shared by internal users/administratrs, the persns with whm the files are shared can perfrm the fllwing peratins n the shared files, flders, and libraries at the AvePint Perimeter External Prtal: Open shared files/flders/libraries. Dwnlad shared files. Edit shared files and synchrnize the mdified shared files back t the riginal files in SharePint via the fllwing methds: Edit shared files in brwser via Office Web Apps, and save the changes t the files via the Apps. The changes will be saved t the shared files at the External Prtal and then synchrnized t the crrespnding riginal files in SharePint immediately. 17

18 Nte the fllwing: Dwnlad the shared files, edit the dwnladed files, and then uplad the mdified files t the External Prtal. The upladed files will verwrite the crrespnding riginal files in SharePint. Uplad new files t the shared flders r libraries at the External Prtal t synchrnize these files t the riginal flders/libraries in SharePint. The AvePint Perimeter External Prtal supprts pening files with the file types listed in the Supprted File Types fr Online Viewing n the AvePint Perimeter Internal Prtal and External Prtal sectin in the brwser via the default nline pdf viewer. In the nline pdf viewer, the users can view the.pdf files cnverted frm the shared files. With an Office Web Apps (OWA) server cnfigured fr the External Prtal, AvePint Perimeter External Prtal supprts pening and editing shared files f the.dcx,.xlsx, and.pptx frmats in the brwser via Office Web Apps. T ensure all f the users can access the AvePint Perimeter External Prtal via the Internet, the External Prtal needs t be published t the Internet. Refer t AvePint Perimeter External Prtal and Gateway Server Requirements fr the system requirements fr the External Prtal, and Installing AvePint Perimeter External Prtal and Gateway fr hw t install and publish the External Prtal. Integrating Perimeter External Prtal with SAP Jam Grup If yu are using bth SAP Jam grups and AvePint Perimeter, yu can cnfigure an OpenScial Gadget fr yur SAP Jam grup t integrate the AvePint Perimeter External Prtal with that SAP Jam grup. The fllwing additinal features will be available n the AvePint Perimeter External Prtal that is integrated in SAP Jam grup via OpenScial Gadget: The grup wner with whm the SharePint flders are shared can assign the shared flders thrugh the AvePint Perimeter External Prtal t all f the members in the SAP Jam grup. Grup members can access the files r flders within the assigned flders n the AvePint Perimeter External Prtal and perfrm additinal actins since they will be granted the same permissin level as the grup wner. *Nte: In the integrated AvePint Perimeter External Prtal, grup members can nly view r perate the files in the flders assigned by the grup wner. If there are ther items that are shared with a grup member thrugh the AvePint Perimeter Secure Share feature, the grup member must lg int the rganizatins Perimeter External Prtal as an external user t view and perate the shared items. Fr detailed instructins n cnfiguring the integratin, refer t Cnfiguring the Integratin f External Prtal and SAP Jam Grup. 18

19 Installatin and Publishing Scenaris fr the External Prtal and Gateway During the Manager installatin, the External Prtal and Gateway are autmatically installed n the Manager server under the same IIS website. The fllwing tw installatin and publishing scenaris fr the External Prtal and Gateway are available: AvePint recmmends installing the External Prtal and Gateway n anther server and publishing the External Prtal and Gateway s IIS website t the Internet. With this cnfiguratin, the Manager s IIS website is prtected frm the Internet, further ensuring system security. Fr mre infrmatin n installing the External Prtal and Gateway n a separate server frm the Manager, refer t Installing AvePint Perimeter External Prtal and Gateway. T have Perimeter up and running quickly in yur envirnment, yu can use the External Prtal and Gateway that were autmatically installed n the Manager server under the same IIS website with the Manager after publishing the shared website t the Internet. Hwever, AvePint des nt recmmend this cnfiguratin because the Manager will als be published t the Internet, which may pse a security risk t yur Perimeter management system. Fr mre infrmatin n publishing the External Prtal and Gateway, refer t Appendix A: Publishing the External Prtal and Gateway. AvePint Perimeter WOPI Hst Server A WOPI hst server is a dcument strage lcatin that can cnnect t WOPI clients t pen and edit dcuments in a Web brwser. T enable users t pen and edit shared files in a brwser frm the AvePint Perimeter Internal Prtal and External Prtal within the AvePint Perimeter management system, the AvePint Perimeter WOPI Hst Server is required t handle the cmmunicatin between the AvePint Perimeter Internal Prtal/External Prtal and Office Web Apps (WOPI clients), and stre the files that are pened r edited in the brwser using Office Web Apps. The WOPI Hst Server must be installed n a server that can cmmunicate with all f the fllwing servers: AvePint Perimeter Manager server (where the AvePint Perimeter Internal Prtal resides) AvePint Perimeter External and Gateway server (where the AvePint Perimeter External Prtal resides) Office Web Apps Server that yu want t use fr pening and editing shared dcuments in web brwsers at the AvePint Perimeter Internal and External Prtal Refer t AvePint Perimeter WOPI Hst Server System Requirements fr system requirements fr the WOPI Hst Server. Fr details n installing WOPI Hst Server, refer t Installing AvePint Perimeter WOPI Hst Server. 19

20 AvePint Perimeter Secured Share Slutin The AvePintPerimeterSecureShare.wsp slutin fr SharePint farms adds the AvePint Perimeter Secured Share feature int SharePint sites. This feature allws internal users within yur rganizatin t share files within internal SharePint sites with users within and utside yur rganizatin. The feature als allws internal users t cnfigure permissin settings n the files and set an expiratin time fr hw lng the files will be shared with ther users. AvePint Perimeter Gelcatin Database The Gelcatin Database is an ptinal database that stres gegraphic and plitical bundary data (lcatin names with the crrespnding crdinates) that can be used t define lcatins. During Perimeter installatin, yu can chse whether r nt t install this database. The Gelcatin database enables yu t define lcatin grups based n gegraphic and plitical bundary data frm the database withut relying n data retrieved frm external resurces such as Bing Maps. Fr mre infrmatin n cnfiguring lcatin grups based n gegraphic and plitical bundaries, refer t Adding a New Gegraphic Lcatin Grup. *Nte: The entire Gelcatin database will use abut 4 GB f space in the target SQL Server, and the initial lading prcess fr this database may use up t 25 GB f space. T successfully ppulate the Gelcatin database, ensure there is enugh available disk space n the target SQL Server, and the ExecutinPlicy that determines which Windws PwerShell scripts can run n yur cmputer is set t Unrestricted (all Windws PwerShell scripts can be run). Installatin Scenaris fr the Gelcatin Database T install the Gelcatin database, chse either f the fllwing tw methds: If yu have the db_wner database rle in a blank database that can be ppulated with the required data and used as a Gelcatin database, use the AvePint Perimeter Gelcatin Database Installatin Wizard t ppulate the desired blank database with the gegraphy lcatin infrmatin t define lcatins based n gegraphic and plitical bundaries infrmatin. If yu have the dbcreatr server rle in a particular SQL Server t create a new database that will be used as the Gelcatin database, use the AvePint Perimeter Gelcatin Database Installatin Wizard t create the database in the specified SQL Server, and then ppulate it with the required gegraphy lcatin infrmatin that can be used t define lcatins based n gegraphic and plitical bundaries infrmatin. Refer t AvePint Perimeter Gelcatin Database Server and Installatin Wizard System Requirements fr additinal system requirements. 20

21 Permissin Requirements In rder t install and use AvePint Perimeter system cmpnents prperly, certain permissins are required. The fllwing sectins prvide details n the permissin requirements fr each cmpnent. Permissin Requirements fr AvePint Perimeter Manager The sectins belw ffer detailed infrmatin n the AvePint Perimeter Manager s permissin requirements. Permissin Requirements fr Installing AvePint Perimeter Manager T install and use the AvePint Perimeter Manager, ensure the applicatin pl accunt used t create the applicatin pl fr the Manager Service s IIS website has the fllwing permissins: Lcal System Permissins User is a member f the lcal Administratrs grup f the Manager server. SQL Permissins If yu select Windws Authenticatin as the Database Credentials fr the Manager Cnfiguratin database, yu must have either the dbcreatr server rle in the SQL Server that will cntain the new Manager Cnfiguratin database, r the db_wner database rle in the existing Manager Cnfiguratin database. *Nte: Windws Authenticatin fr the Manager Cnfiguratin database autmatically uses the applicatin pl accunt cnfigured in Applicatin Pl Settings instead f the currently lgged-in accunt. Permissin Requirements fr Lgging int AvePint Perimeter Manager T lg int the AvePint Perimeter Manager (the Management Cnsle and the Internal Prtal), ensure the accunt used meets the fllwing requirements: If yu are an administratr, lg int the AvePint Perimeter Management Cnsle using an administratr accunt. Fr detailed infrmatin n administratr accunts, refer t Updating AvePint Perimeter and Cnfiguring Admin Accunts. If yu are an internal user, lg int the AvePint Perimeter Internal Prtal using yur Active Directry credentials. Permissin Requirements fr AvePint Perimeter Agent T install AvePint Perimeter Agent, ensure the Agent accunt has the fllwing permissins: Lcal System Permissin User is a member f the lcal Administratrs grup, r user must have the fllwing permissins r rles in the lcal system: Lg n as batch jb in grup plicy. 21

22 Grup member f WSS_WPG, IIS_IUSRS. Full cntrl permissin fr Perimeter Certificate n Agent server Full cntrl permissin fr Agent installatin flder. SharePint Permissin User must be a member f the Farm Administratrs grup and have Full Read permissin t the User Plicy f the Web applicatins. SQL Permissins Fr SharePint 2010 farm, user must have: db_wner database rle in Cnfiguratin Database, Central Admin Database, and all f the cntent databases under the Web applicatins t use the Secure Share feature. Fr SharePint 2013 r SharePint 2016 farm, user must have: *Nte: The fllwing are the minimum permissins f using Perimeter 1.7 r later in the SharePint 2013 r SharePint 2016 envirnment. Fr the earlier versins f Perimeter, the permissin requirements are the same as required fr SharePint 2010 farm. SharePint_Shell_Access database rle in Cnfiguratin Database, Central Admin Database, and all f the cntent databases under the Web applicatins that are required t use the Secure Share feature. SharePint_Shell_Access database rle f FBA prvider database, if SharePint Web applicatin enabled Frm-Based Authenticatin. *Nte: The SharePint_Shell_Access rle can nly be assigned via SharePint Management Shell. Fr instructins n hw t assign this rle t a user, refer t the fllwing Micrsft technical article: Permissin Requirements fr AvePint Perimeter External Prtal and Gateway T install AvePint Perimeter External Prtal and Gateway n a server, ensure the applicatin pl accunt used t create the applicatin pl fr the External Prtal and Gateway s IIS website has the fllwing permissins: Lcal System Permissins User is a member f the lcal Administratrs grup f the External Prtal and Gateway server. SQL Permissins If yu select Windws Authenticatin as the Database Credentials fr the Manager Cnfiguratin database that the External Prtal and Gateway will cnnect t, yu must have the db_wner database rle in the designated Manager Cnfiguratin database. 22

23 *Nte: Windws Authenticatin fr the Manager Cnfiguratin database autmatically uses the applicatin pl accunt cnfigured in Applicatin Pl Settings instead f the currently lgged-in accunt. Permissin Requirements fr Lgging int AvePint Perimeter External Prtal After internal users/administratrs share files, flders, r libraries, thse with whm the files, flders, r libraries are shared can view the shared files, flders, r libraries in the AvePint Perimeter External Prtal. T lg int the AvePint Perimeter External Prtal, ensure the accunt used meets the fllwing requirements: If the files, flders, r libraries are shared with an internal user, the internal user lgs int the AvePint Perimeter External Prtal directly using the Active Directry credentials r address lgins. If the files, flders, r libraries are shared with an external user, the external user must register t the AvePint Perimeter External Prtal and then lg int the prtal with the registered user accunt. 23

24 Permissin Requirements fr Gelcatin Database T install the Gelcatin database, ensure the user running the Gelcatin Database Installatin Wizard must have the fllwing permissins: Lcal System Permissins User is a member f the lcal Administratrs grup f the machine that runs the installatin wizard. SQL Permissins If yu select Windws Authenticatin as the Database Credentials fr the Gelcatin database, yu must have either the dbcreatr server rle in the SQL Server that will cntain the new Gelcatin database, r the db_wner database rle in the existing blank Gelcatin database. Permissin Requirements fr AvePint WOPI Hst Server T install AvePint Perimeter WOPI Hst Server n a server, ensure the applicatin pl accunt used t create the applicatin pl fr the WOPI Hst Server s IIS website has the fllwing permissins: Lcal System Permissins User is a member f the lcal Administratrs grup f the WOPI Hst Server hst. SQL Permissins If yu select Windws Authenticatin as the Database Credentials fr the Manager Cnfiguratin database that the WOPI Hst Server will cnnect t, yu must have the db_wner database rle in the designated Manager Cnfiguratin database. *Nte: Windws Authenticatin fr the Manager Cnfiguratin database autmatically uses the applicatin pl accunt cnfigured in Applicatin Pl Settings instead f the currently lgged-in accunt. 24

25 System Requirements Refer t the sectins belw fr system requirements that must be in place prir t installing AvePint Perimeter. Supprted Envirnments AvePint Perimeter is cmpatible with the fllwing platfrms: Micrsft SharePint Server/Fundatin 2010 (up t and including Service Pack 2) Micrsft SharePint Server/Fundatin 2013 (up t and including Service Pack 1) Micrsft SharePint Server 2016 Active Directry Federatin Services (ADFS) 2.0 AvePint Perimeter Manager Server Requirements Befre installing AvePint Perimeter Manager, make sure the Manager server meets the fllwing requirements: *Nte: T ensure the AvePint Perimeter Manager server can prperly send real-time push ntificatins t ios devices via the Apple Push Ntificatin Service (APNS), and t Andrid devices via Ggle Clud Messaging (GCM), yu must cnfigure the firewall f yur Manager server t allw APNS/GCM traffic t get past yur firewall after the Manager installatin cmpletes. Fr details, refer t Cnfiguring Yur Firewall t Allw Push Ntificatins. Cmpnent Requirements Operating System Editin Recmmended: Windws Server 2008 R2, Windws Server 2012, Windws Server 2012 R2 Minimum: Windws Server 2008* Available Physical Memry Recmmended: 1 GB r greater Minimum: 512 MB Available Disk Space Recmmended: 1 GB r greater Minimum: 1 GB.NET Framewrk Versin.NET Framewrk 3.5 SP1 Fr Windws Server 2012 and Windws 8, r later perating system editins,.net Framewrk 4.5 must be installed in additin t.net Framewrk 3.5 SP1..NET Framewrk Features HTTP Activatin and Nn-HTTP Activatin shuld be installed. Fr Windw Server 2012 and Windws 8, r later perating system editins, the features including HTTP Activatin, Message Queuing (MSMQ) 25

26 Cmpnent Windws Prcess Activatin Service Net.TCP Prt Sharing Service Web Server (IIS) Rle Requirements Activatin, Named Pipe Activatin, TCP Activatin, and TCP Prt Sharing fr.net Framewrk 4.5 shuld be installed. Windws Prcess Activatin Service shuld be started, and Prcess Mdel,.NET Envirnment, and Cnfiguratin APIs shuld be installed. Net.TCP Prt Sharing Service shuld be started. Fr Windws Server 2008, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET,.NET Extensibility, ISAPI Extensins and ISAPI Filters) Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility and IIS 6 Metabase Cmpatibility) Fr Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET 3.5,.NET Extensibility3.5, ISAPI Extensins, ISAPI Filters Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility, IIS 6 Metabase Cmpatibility) PwerShell Versin PwerShell 2.0 r abve *AvePint Perimeter supprts Windws Server 2008, but Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2 are recmmended. Running the latest versins f Windws servers ensures the mst current patches and security updates frm Micrsft. Cnfiguring Yur Firewall t Allw Push Ntificatins AvePint Perimeter Manager sends real-time push ntificatins t ios devices via the Apple Push Ntificatin Service (APNS), and t Andrid devices via Ggle Clud Messaging (GCM). After the Manager installatin cmpletes, yu need t cnfigure the firewall f yur Manager server t allw APNS/GCM traffic t get past yur firewall. T ensure that APNS traffic can get past yur firewall, pen the fllwing prts n yur firewall: 26

27 TCP prt 5223 (used by ios devices t cmmunicate with APNS servers) TCP prt 2195 (used by AvePint Perimeter Manager t send ntificatins t APNS) T ensure Andrid devices inside yur netwrk can receive push ntificatins, cnfigure yur firewall t allw Andrid devices cnnectivity with GCM. The prts t pen are: TCP prts 5228, 5229, and GCM typically nly uses 5228, but it smetimes uses 5229 and GCM desn't prvide specific IP addresses, s yu shuld allw yur firewall t accept utging cnnectins t all f the IP addresses cntained in the IP blcks listed in Ggle's ASN f

28 AvePint Perimeter External Prtal and Gateway Server Requirements Befre installing AvePint Perimeter External Prtal and Gateway, make sure the External Prtal and Gateway server meets the fllwing requirements: Cmpnent Operating System Editin Available Physical Memry Available Disk Space.NET Framewrk Versin.NET Framewrk Features Windws Prcess Activatin Service Net.TCP Prt Sharing Service Web Server (IIS) Rle PwerShell Versin 28 Requirements Recmmended: Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2 Minimum: Windws Server 2008* Recmmended: 1 GB r greater Minimum: 512 MB Recmmended: 1 GB r greater Minimum: 1 GB.NET Framewrk 3.5 SP1 Fr Windws Server 2012 and Windws 8, r later perating system editins,.net Framewrk 4.5 must be installed in additin t.net Framewrk 3.5 SP1. HTTP Activatin and Nn-HTTP Activatin shuld be installed. Fr Windw Server 2012 and Windws 8, r later perating system editins, the features including HTTP Activatin, Message Queuing (MSMQ) Activatin, Named Pipe Activatin, TCP Activatin, and TCP Prt Sharing fr.net Framewrk 4.5 shuld be installed. Windws Prcess Activatin Service shuld be started, and Prcess Mdel,.NET Envirnment, and Cnfiguratin APIs shuld be installed. Net.TCP Prt Sharing Service shuld be started. Fr Windws Server 2008, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET,.NET Extensibility, ISAPI Extensins and ISAPI Filters) Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility and IIS 6 Metabase Cmpatibility) Fr Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET 3.5,.NET Extensibility3.5, ISAPI Extensins, ISAPI Filters Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility, IIS 6 Metabase Cmpatibility) PwerShell 2.0 r abve

29 *AvePint Perimeter supprts Windws Server 2008, but Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2 are recmmended. Running the latest versins f Windws servers ensures yu have the mst current patches and security updates frm Micrsft. AvePint Perimeter Gelcatin Database Server and Installatin Wizard System Requirements T install a Gelcatin database in SQL Server, yu must ensure that the SQL Server meets the SQL Server Requirements fr AvePint Perimeter Databases and that it has at least 25 GB f available disk space. The entire Gelcatin database is abut 4 GB, but the Gelcatin database s initial lading prcess may use up t 25 GB f space. In additin, yu must ensure that the ExecutinPlicy that determines which Windws PwerShell scripts can run n yur cmputer is set t Unrestricted, which indicates that all Windws PwerShell scripts can be run. Befre installing the Gelcatin database, ensure that the server where yu run the AvePint Perimeter Gelcatin Database Installatin Wizard meets the fllwing requirements: Cmpnent Requirements Operating System Editin Recmmended: Windws Server 2008 R2, Windws Server 2012, Windws Server 2012 R2 Minimum: Windws Server 2008* Available Physical Memry Recmmended: 1 GB r greater Minimum: 512 MB Available Disk Space Recmmended: 1 GB r greater Minimum: 1 GB.NET Framewrk Versin.NET Framewrk 3.5 SP1 Fr Windws Server 2012 and Windws 8, r later perating system editins,.net Framewrk 4.5 must be installed in additin t.net Framewrk 3.5 SP1. PwerShell Versin PwerShell 2.0 r abve *AvePint Perimeter supprts Windws Server 2008, but Windws Server 2008 R2, Windws Server 2012, Windws Server 2012 R2 are recmmended. Running the latest versins f Windws servers ensures the mst current patches and security updates frm Micrsft. SQL Server Requirements fr AvePint Perimeter Databases Refer t the table belw fr the SQL Server requirements fr AvePint Perimeter databases. Databases Manager Cnfiguratin Database and Gelcatin Database SQL Server Editins Micrsft SQL Server 2016 Micrsft SQL Server 2014 SP1 Micrsft SQL Server 2014 Micrsft SQL Server 2012 Service Pack 1 29

30 Databases SQL Server Editins Micrsft SQL Server 2012 Micrsft SQL Server 2008 R2 Service Pack 1 30

31 AvePint Perimeter WOPI Hst Server System Requirements Refer t the table belw fr the Perimeter WOPI Hst Server system requirements: Cmpnent Requirements Operating System Editin Recmmended: Windws Server 2008 R2, Windws Server 2012, Windws Server 2012 R2 Minimum: Windws Server 2008* Available Physical Memry Recmmended: 1 GB r greater Minimum: 512 MB Available Disk Space Recmmended: 1 GB r greater Minimum: 1 GB.NET Framewrk Versin.NET Framewrk 3.5 SP1 Fr Windws Server 2012 and Windws 8, r later perating system editins,.net Framewrk 4.5 must be installed in additin t.net Framewrk 3.5 SP1..NET Framewrk Features HTTP Activatin and Nn-HTTP Activatin shuld be installed. Fr Windw Server 2012 and Windws 8, r later perating system editins, the features including HTTP Activatin, Message Queuing (MSMQ) Activatin, Named Pipe Activatin, TCP Activatin, and TCP Prt Sharing fr.net Framewrk 4.5 shuld be installed. Windws Prcess Activatin Service Windws Prcess Activatin Service shuld be started, and Prcess Mdel,.NET Envirnment, and Cnfiguratin APIs shuld be installed. Net.TCP Prt Sharing Service Net.TCP Prt Sharing Service shuld be started. Web Server (IIS) Rle Fr Windws Server 2008, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET,.NET Extensibility, ISAPI Extensins and ISAPI Filters) Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility and IIS 6 Metabase Cmpatibility) Fr Windws Server 2008 R2, Windws Server 2012, and Windws Server 2012 R2, the fllwing Windws features shuld be installed: Web Server Cmmn HTTP Features (Static Cntent, Default Dcument) Applicatin Develpment (ASP.NET 3.5,.NET Extensibility3.5, ISAPI Extensins, ISAPI Filters Management Tls (IIS Management Cnsle, IIS 6 Management Cmpatibility, IIS 6 Metabase Cmpatibility) PwerShell Versin PwerShell 2.0 r abve *AvePint Perimeter supprts Windws Server 2008, but Windws Server 2008 R2, Windws Server 2012, Windws Server 2012 R2 are recmmended. Running the latest versins f Windws servers ensures yu have the mst current patches and security updates frm Micrsft. 31

32 AvePint Perimeter Agent Server Installatin Requirements Befre installing AvePint Perimeter Agent, make sure the Agent is installed n the crrect server and that the server meets the requirements detailed in the table belw. Where t Install AvePint Perimeter Agents AvePint Perimeter Agents can be installed n different machines accrding t the features yu wish t use: T use the SharePint Plicy feature, an AvePint Perimeter Agent must be installed n each SharePint Web frnt-end server in the SharePint envirnment. T use the Federatin Plicy feature, an AvePint Perimeter Agent must be installed n the ADFS server r the ADFS prxy server. T use the Secured Share features (including the AvePint Perimeter Secured Share site feature in SharePint sites and the Virtual Views feature in AvePint Perimeter Manager), an AvePint Perimeter Agent must be installed n each SharePint Web frnt-end server f the SharePint envirnment. T use the Burglar Alarm Rules feature, an AvePint Perimeter Agent must be installed n each Web frnt-end server in the SharePint envirnment. 32

33 AvePint Perimeter Agent Server Requirements Befre installing AvePint Perimeter Agent, make sure the Agent server meets the fllwing requirements: Cmpnent Requirements Operating System Editin Recmmended: Windws Server 2012 and Windws Server 2012 R2 Minimum: Windws Server 2008 R2* Available Physical Memry Recmmended: 512 MB r greater Minimum: 256 MB Available Disk Space Minimum: 1 GB.NET Framewrk Versin.NET Framewrk 3.5 SP1 Fr Windws Server 2012 and Windws 8, r later perating system editins,.net Framewrk 4.5 must be installed in additin t.net Framewrk 3.5 SP1..NET Framewrk Features HTTP Activatin and Nn-HTTP Activatin shuld be installed. Fr Windw Server 2012 and Windws 8, r later perating system editins, the features including HTTP Activatin, Message Queuing (MSMQ) Activatin, Named Pipe Activatin, TCP Activatin, and TCP Prt Sharing fr.net Framewrk 4.5 shuld be installed. Windws Prcess Activatin Service Windws Prcess Activatin Service shuld be started, and Prcess Mdel,.NET Envirnment, and Cnfiguratin APIs shuld be installed. Net.TCP Prt Sharing Service Net.TCP Prt Sharing Service shuld be started. *AvePint Perimeter supprts Windws Server 2008 R2, but Windws Server 2012 and Windws Server 2012 R2 are recmmended. Running the latest versins f Windws servers ensures the mst current patches and security updates frm Micrsft. End-User Devices Supprted by AvePint Perimeter AvePint Perimeter is supprted fr use n ios 8 r later n the iphne, ipd Tuch, and ipad, mbile devices with Andrid perating system 4.0 r later, r Windws Phne

34 Supprted Brwsers The sectins belw detail the supprted brwser versins fr AvePint Perimeter Manager, AvePint Perimeter Internal Prtal, and AvePint Perimeter External Prtal. *Nte: It is recmmended t use the latest versins f the brwsers listed in the sectins belw. Supprted Brwsers fr AvePint Perimeter Manager See belw fr AvePint Perimeter Manager brwser supprt: Brwser Internet Explrer Ggle Chrme Versin IE 9 r later m r later Supprted Brwsers fr AvePint Perimeter Internal Prtal and AvePint Perimeter External Prtal See belw fr AvePint Perimeter Internal Prtal/AvePint Perimeter External Prtal brwser supprt: Brwser Internet Explrer Ggle Chrme Mzilla Firefx Safari Versin IE 9 r later m r later r later Installed n ios 9 r later 34

35 Supprted File Types fr Online Viewing n the AvePint Perimeter Internal Prtal and External Prtal See the table belw fr the supprted file types fr nline viewing n the AvePint Perimeter Internal Prtal and External Prtal: File Type Micrsft Wrd Dcument Micrsft Excel Wrkbk Micrsft PwerPint Presentatin PDF file Micrsft Prject file Micrsft Visi Drawing Image AutCAD file* Web page Text dcument XML Paper Specificatin file Printer Cmmand Language Dcument File Extensin.dc,.dcx.xls,.xlsx.ppt,.pptx.pdf.mpp.vsd,.vsdx.jpg,.png,.gif,.svg.dwg.html,.htm.txt.xps.pcl *Nte: The AvePint Perimeter Internal Prtal and External Prtal nly supprt the nline viewing f the AutCAD 2004.dwg files with n 3D effects. 35

36 AvePint Perimeter Installatin Overview The steps fr installing AvePint Perimeter depend upn yur type f installatin: users trialing AvePint Perimeter will take slightly different steps t install than thse wh have purchased the prduct. Purchased Versins f Perimeter Custmers wh want t perfrm a cmplete installatin accrding t AvePint s recmmended methds shuld fllw the steps belw, in rder: 1. Installing AvePint Perimeter Manager *Nte: Fr additinal netwrk security, AvePint recmmends installing the External Prtal and Gateway n a server different frm the Perimeter Manager. 2. Installing AvePint Perimeter External Prtal and Gateway 3. Publishing the External Prtal and Gateway via Reverse Prxy 4. Verifying the External and Gateway Server Certificate *Nte: AvePint recmmends that the server certificate n the External Prtal and Gateway r reverse prxy (if the External Prtal and Gateway is published via reverse prxy) be a valid certificate btained frm a cmmercial certificate authrity. 5. Installing Gelcatin Database 6. Installing AvePint Perimeter WOPI Hst Server 7. Installing AvePint Perimeter Agents Trial Versins f Perimeter Users wh want t quickly get Perimeter up and running in their envirnment (such as thse wh are trialing AvePint Perimeter) shuld fllw the steps belw, in rder. Nte that these steps will get yu up and running quickly, but are nt the mst secure r AvePint-recmmended methds f installatin. 1. Installing AvePint Perimeter Manager *Nte: Fr quick installatin, install the External Prtal and Gateway nt the Perimeter Manager server. 2. Publishing the External Prtal and Gateway Directly 3. Verifying the External and Gateway Server Certificate *Nte: Fr quick installatin, use a self-signed certificate. 4. Installing AvePint Perimeter WOPI Hst Server Installing AvePint Perimeter Agents

37 The AvePint Perimeter Installatin Wizards guide yu thrugh the installatin prcess. T cmplete the installatin successfully, a lcal administratr must run the Installatin Wizard. Installing AvePint Perimeter Manager Befre installing AvePint Perimeter Manager, ensure that the AvePint Perimeter Manager Server Requirements are met and that the user running the installatin wizard is a member f the lcal Administratrs grup f the current server. The AvePint Perimeter Manager must be installed in the same Active Directry dmain as yur SharePint farms where yu want t deply the AvePint Perimeter management system. *Nte: After the Manager Installatin cmpletes, the AvePint Perimeter Manager Installatin Wizard installs nt nly the Manager (including Management Cnsle and Internal Prtal) but als the External Prtal and Gateway n the Manager server under the same IIS website. The External Prtal and Gateway must be published t the Internet thrugh either f these tw methds: yu can publish this shared IIS website t the internet (nt recmmended), r yu can install the External Prtal and Gateway n a separate server and publish the External Prtal and Gateway s IIS website t the Internet (recmmended). Fr details n the cnfiguratin methds fr installing and publishing the External Prtal and Gateway, refer t Installatin and Publishing Scenaris fr the External Prtal and Gateway. T install AvePint Perimeter Manager, cmplete the fllwing steps: 1. Dwnlad the Manager ZIP file by requesting a dem versin r by cntacting an AvePint representative fr links t this package. 2. Extract the package. Open the extracted AvePint Perimeter Manager directry and duble-click the Setup.exe file. 3. After the Welcme screen appears, click Install Manager. 4. Carefully review the License Agreement. After yu have read the agreement, select the I accept the terms in the license agreement checkbx, and click Next. 5. Click Brwse and select the lcatin fr the Manager installatin. The default installatin lcatin is C:\Prgram Files\AvePint. Click Next. 6. Perimeter perfrms a brief pre-scan f the envirnment t ensure that yur system meets the AvePint Perimeter Manager system requirements. The status fr each rule is listed in the Status clumn. 7. Click the status hyperlink t view detailed infrmatin n the scan results, r click Details t view detailed infrmatin n all f the requirements. *Nte: Yu cannt prceed with the installatin if any f the rules have a Status f Failed. If any f the rules have a Failed status, yur system des nt meet the minimum requirement f the crrespnding rule. Yu must update yur envirnment t meet the 37

38 AvePint Perimeter Manager system requirements, and then click the Rescan buttn t check yur envirnment again. If any f the rules have a Warning status, yur system meets the minimum requirement f the crrespnding rule but des nt meet the recmmended cnditin. In this case, yu can still click Next t cnfigure the Manager Service Cnfiguratin. If all f the rules are Passed, yur system meets all f the recmmended cnditins in the AvePint Perimeter Manager system requirements. Click Next t cnfigure the Manager Service Cnfiguratin. 8. Set up the Manager Service Cnfiguratin: a. Manager Service Hst Enter the current machine s hstname, IP address, r fully qualified dmain name (FQDN). *Nte: Ensure that the Manager Service hst can cmmunicate with all f the Agent machines thrugh the entered hstname, IP address, r FDQN. b. IIS Website Settings Cnfigure the IIS website settings fr the Manager Service. Create a new IIS website that will be used t access Perimeter Manager. Create a new IIS Website Enter the website name and create a new IIS website fr the Manager Service. D nt change the default website prt (16000) used t access Perimeter Manager Service unless a prt cnflict exists. Website Prt Manager Service cmmunicatin prt. The default prt is *Nte: If yu change the prt after the installatin cmpletes, g t the \AvePint\Perimeter\Manager\bin\cnfig directry n the server where Perimeter Manager is installed, find the AppSettings.Cnfig file, make the same change t the value f the CntrlPrt attribute in the AppSettings.cnfig file, and then restart the IIS website. Otherwise, Perimeter features cannt wrk well. c. Applicatin Pl Settings Create a new IIS applicatin pl fr the Manager Service s website. The applicatin pl is used t handle requests that are sent t the Manager Service s website. Create a new applicatin pl Enter the applicatin pl name and applicatin pl accunt settings t create a new IIS applicatin pl fr the Manager Service s website. d. Click Next t cnfigure the database settings fr the Manager Service. 9. AvePint Perimeter Manager supprts MS SQL databases nly, s nly MS SQL is available as the Database Type. Cnfigure the fllwing settings fr the Manager Cnfiguratin Database: a. Database Server The MS SQL Server name. *Nte: Ensure that SQL Server meets the SQL Server Requirements fr AvePint Perimeter Databases. 38

39 b. Database Name Enter a database name fr the Manager Service. If the database des nt exist, it will be created in the MS SQL Database Server entered abve. c. Database Credentials Select the credentials fr this Manager Cnfiguratin database. Windws Authenticatin (the default ptin) Use this methd if yu want the user s identity t be cnfirmed by Windws. By default, this accunt is the applicatin pl accunt cnfigured in the previus step instead f the currently lgged-in accunt and cannt be changed. As such, this accunt must have either the dbcreatr server rle in the SQL Server that will cntain the new Manager Cnfiguratin database r the db_wner database rle in the existing Manager Cnfiguratin database. SQL Authenticatin SQL Server will cnfirm the user s identity accrding t the user s accunt and passwrd. The accunt must have the fllwing permissins: db_wner database rle in the existing Manager Cnfiguratin database r dbcreatr server rle in the SQL Server that will cntain the Manager Cnfiguratin database. *Nte: If yu want t change the database credentials after the installatin, refer t Updating Database Credentials. 10. Click Next t prceed with the installatin, r click Back t change any f the previus settings. Click Cancel t abandn all cnfiguratins and exit the installatin wizard. 11. The installatin prcess displays via the prgress bar in the Installatin Prcess page. 12. Once the Manager installatin cmpletes, a pp-up windw appears t ask whether t cntinue t install the Gelcatin database immediately. T install the Gelcatin database immediately, click Yes t access the Gelcatin Database Settings page t start t install the Gelcatin database. Fr details n installing the Gelcatin database, refer t Installing Gelcatin Database. T finish the Manager Installatin withut installing the Gelcatin database, click N t access the Cmplete page. 13. In the Cmplete page, click Finish t exit the installatin wizard. Installing AvePint Perimeter Agents Befre installing AvePint Perimeter Agents: See Where t Install AvePint Perimeter Agents. Ensure that the AvePint Perimeter Agent Server Requirements are met. Ensure that the user running the installatin wizard is a member f the lcal Administratrs grup n the current server. Verify that the AvePint Perimeter Manager Service is running. 39

40 T install AvePint Perimeter Agents, cmplete the fllwing steps: 1. Dwnlad the Agent ZIP file by requesting a dem versin r by cntacting an AvePint representative fr links t this package. 2. Extracted this package. 3. Navigate t the AvePint Perimeter Agent directry, and duble-click the Setup.exe file. The Welcme screen appears. 4. Click Install Agent. 5. Carefully review the License Agreement. 6. After yu have read the agreement, check the I accept the terms in the license agreement checkbx, and click Next. 7. Click Brwse. 8. Select the lcatin fr the Agent installatin. The default installatin lcatin is C:\Prgram Files\AvePint. Click Next. 9. Perimeter will perfrm a brief pre-scan f the envirnment t ensure that all rules meet the AvePint Perimeter Agent system requirements. The status fr each rule will be listed in the Status clumn. Click the status hyperlink t view detailed infrmatin n the scan results, r click Details t view detailed infrmatin n all f the requirements. *Nte: Yu cannt prceed with the installatin if the Status f any f the rules is Failed. If the status f any rule is Failed, yur system des nt meet the minimum requirement f the crrespnding rule. Yu must update yur envirnment t meet the AvePint Perimeter Agent system requirements, and then click the Rescan buttn t check yur envirnment again. If the status f any rule is Warning, yur system meets the minimum requirement f the crrespnding rule but des nt meet the recmmended cnditin. In this case, yu can still click Next t cnfigure the Cmmunicatin Cnfiguratin. If all f the rule statuses are Passed, yur system meets all f the recmmended cnditins in the AvePint Perimeter Agent system requirements. Click Next t cnfigure the Cmmunicatin Cnfiguratin. 10. After verifying that the requirements abve are met, set up the Cmmunicatin Cnfiguratin: a. Perimeter Agent Hst Enter the current server s hstname, IP address, r fully qualified dmain name (FQDN). b. Perimeter Agent Prt The prt entered here is used by the Manager r ther Agents fr cmmunicatin. The default prt number is c. Manager Service Hst The hstname r IP address f the machine that has the Manager Service installed n it. 40

41 d. Manager Service Prt The prt used fr cmmunicatin with Manager Service. This prt shuld match the infrmatin yu entered during the Manager cnfiguratin. The default prt number is e. Agent Accunt Enter the Agent accunt under which the Agent activities are perfrmed. Ensure that the AvePint Perimeter Agent Accunt has the permissins explained in the Permissin Requirements fr AvePint Perimeter Agent sectin f this guide. 11. Click Next t begin the installatin, click Back t change any f the previus settings, r click Cancel t abandn all cnfiguratins and exit the installatin wizard. 12. After the installatin cmpletes, click Finish t exit the installatin wizard. Mdifying Perimeter Agent Cnfiguratins T mdify the cnfiguratin f an already-installed Perimeter Agent, use the AvePint Perimeter Agent Cnfiguratin Tl by cmpleting the fllwing steps: 1. Navigate t the server where the Agent yu want t cnfigure is installed. 1. Navigate t Start > All Prgrams > AvePint Perimeter. 2. Open the Agent flder and click AvePint Perimeter Agent Cnfiguratin Tl t access this tl. 3. Mdify the desired Agent Cmmunicatin settings in this tl. Fr mre infrmatin n cnfiguring the settings, refer t Installing AvePint Perimeter Agents. 4. When yu finish the cnfiguratins, click OK t save the mdificatins and exit this tl. Installing AvePint Perimeter External Prtal and Gateway T install the AvePint Perimeter External Prtal and Gateway n a server, ensure that AvePint Perimeter External Prtal and Gateway Server Requirements are met and the user running the installatin wizard is a member f the lcal Administratrs grup f the current server. T install the AvePint Perimeter External Prtal and Gateway, cmplete the fllwing steps: 1. Dwnlad the Manager ZIP file by requesting a dem versin r by cntacting an AvePint representative fr links t this package. 2. Extract the package. 3. In the extracted AvePint Perimeter Manager directry, duble-click the Setup.exe file. The Welcme screen appears. 4. Click Install External Prtal and Gateway. 5. Carefully review the License Agreement. 41

42 6. After yu have read the agreement, select the I accept the terms in the license agreement checkbx, and click Next. 7. Click Brwse. 8. Select the lcatin fr the External Prtal and Gateway installatin. The default installatin lcatin is C:\Prgram Files\AvePint. Click Next. 9. Perimeter perfrms a brief pre-scan f the envirnment t ensure that yur system meets the AvePint Perimeter External Prtal and Gateway system requirements. The status fr each rule is listed in the Status clumn. Click the status hyperlink t view detailed infrmatin n the scan results, r click Details t view detailed infrmatin n all f the requirements. *Nte: Yu cannt prceed with the installatin if the Status f any f the rules is Failed. If the status f any rule is Failed, yur system des nt meet the minimum requirement f the crrespnding rule. Yu must update yur envirnment t meet the AvePint Perimeter External Prtal and Gateway system requirements, and then click the Rescan buttn t check yur envirnment again. If the status f any rule is Warning, yur system meets the minimum requirement f the crrespnding rule but des nt meet the recmmended cnditin. In this case, yu can still click Next t cnfigure the Prtal and Gateway Cnfiguratin. If all f the rule statuses are Passed, yur system meets all f the recmmended cnditins in the AvePint Perimeter External Prtal and Gateway system requirements. Click Next t cnfigure the Prtal and Gateway Cnfiguratin. 10. Set up the Prtal and Gateway Cnfiguratin: a. Prtal and Gateway Hst Enter the current machine s hstname, IP address, r fully qualified dmain name (FQDN). *Nte: Ensure that the External Prtal and Gateway hst can cmmunicate with all f the Agent machines thrugh the entered hstname, IP address, r FDQN. b. IIS Website Settings Cnfigure the IIS website settings fr the AvePint Perimeter External Prtal and Gateway. Create a new IIS website that will be used t access the AvePint Perimeter External Prtal and Gateway. Create a new IIS Website Enter the website name and create a new IIS website fr the External Prtal and Gateway. D nt change the default website prt (16003) used t access the External Prtal and Gateway unless a prt cnflict exists. Website Prt Enter the External Prtal and Gateway cmmunicatin prt. The default prt is *Nte: If yu change the prt after the installatin cmpletes, g t the \AvePint\Perimeter\GatewayPrtal\bin\cnfig directry n the server where Perimeter External Prtal and Gateway is installed, find the AppSettings.Cnfig file, make the same change t the value f the CntrlPrt attribute in the 42

43 AppSettings.cnfig file, and then restart the IIS website. Otherwise, Perimeter features cannt wrk well. c. Applicatin Pl Settings Create a new IIS applicatin pl fr the External Prtal and Gateway s website. The applicatin pl is used t handle requests that are sent t the External Prtal and Gateway s website. Create a new applicatin pl Enter the name fr a new IIS applicatin pl yu want t create fr the External Prtal and Gateway s website. Applicatin Pl Accunt Enter the username and passwrd f the accunt used t create the new applicatin pl. d. Click Next t cnfigure the database settings fr the External Prtal and Gateway. 11. T ensure that the AvePint Perimeter External Prtal and Gateway can run prperly, yu must ensure the Prtal is cnnected t the same Manager Cnfiguratin database cnfigured fr yur Perimeter Manager. AvePint Perimeter Manager Cnfiguratin database supprts MS SQL databases nly, s nly MS SQL is available as the Database Type. Cnfigure the fllwing settings fr cnnecting the External Prtal and Gateway t the Manager Cnfiguratin database: a. Database Server The MS SQL Server which cntains the Manager Cnfiguratin database used by the Perimeter Manager. a. Database Name Enter the database name fr the Manager Cnfiguratin database used by the Perimeter Manager. b. Database Credentials Select the credentials fr this Manager Cnfiguratin database. Windws Authenticatin (the default ptin) Use this methd if yu want the user s identity t be cnfirmed by Windws. By default, this accunt is the applicatin pl accunt chsen in the previus step and cannt be changed. As such, this accunt must have the db_wner database rle in the Manager Cnfiguratin database specified abve. SQL Authenticatin SQL Server will cnfirm the user s identity accrding t the user s accunt and passwrd. The accunt must have the db_wner database rle in the Manager Cnfiguratin database specified abve. *Nte: If yu want t change the database credentials after the installatin, refer t Updating Database Credentials. 12. Click Next t prceed with the installatin, click Back t change any f the previus settings, r click Cancel t abandn all cnfiguratins and exit the installatin wizard. The installatin prcess displays via the prgress bar in the Installatin Prcess page. Once the installatin cmpletes, click Finish t exit the installatin wizard. *Nte: After installatin cmpletes, make sure the Perimeter External Prtal and Gateway Server can use the SMTP server t relay s t the external users. 43

44 Applying and Publishing the External Prtal and Gateway T ensure all f the users can access the AvePint Perimeter External Prtal via the Internet and the AvePint Perimeter mbile apps can cmmunicate with the AvePint Perimeter Manager via the Gateway, the External Prtal and Gateway s Website need t be published t the Internet. There are tw methds fr publishing the External Prtal and Gateway: publishing the External Prtal and Gateway directly, r publishing the External Prtal and Gateway via reverse prxy. Fr additinal security, AvePint recmmends publishing the External Prtal and Gateway via reverse prxy. Publishing the External Prtal and Gateway Directly T publish the External Prtal and Gateway directly t the Internet, cnfigure prt mapping between the public URL and the internal URL n the ruter. The ruter will frward all f the requests t the public URL, and users can then access the External Prtal and Gateway using the public URL. Publishing the External Prtal and Gateway via Reverse Prxy T publish the External Prtal and Gateway via reverse prxy, yu need a reverse prxy server that is mapped t the public URL and that can frward requests frm the public URL t the back-end External Prtal and Gateway server. Fr detailed infrmatin n this step, see Publishing the External Prtal and Gateway via Reverse Prxy. Installing Gelcatin Database (ptinal) By using the AvePint Perimeter Gelcatin Database Installatin Wizard, yu can install the Gelcatin database by creating a new Gelcatin database r ppulating an existing blank database with the required gegraphy lcatin infrmatin. Befre installing the Gelcatin database, ensure that the AvePint Perimeter Gelcatin Database Server and Installatin Wizard System Requirements are met and that the user running the installatin wizard has the permissins required Permissin Requirements fr Gelcatin Database. T install the AvePint Perimeter Gelcatin Database, cmplete the fllwing steps: 1. Dwnlad the Manager ZIP file by requesting a dem versin r by cntacting an AvePint representative fr links t this package. 2. Extract the package. 3. In the extracted AvePint Perimeter Manager directry, duble-click the Setup.exe file. The Welcme screen appears. 4. Click Install Gelcatin Database. 5. Carefully review the License Agreement. 44

45 6. After yu have read the agreement, select the I accept the terms in the license agreement checkbx, and click Next. 7. Click Brwse. 8. Select the lcatin t stre the files that will be used t install the Gelcatin database t the target SQL Server. The default lcatin is C:\Prgram Files\AvePint. Click Next. 9. Perimeter perfrms a brief pre-scan f the envirnment t ensure that yur system meets the AvePint Perimeter Gelcatin Database Installatin Wizard system requirements. The status fr each rule is listed in the Status clumn. Click the status hyperlink t view detailed infrmatin n the scan results, r click Details t view detailed infrmatin n all f the requirements. *Nte: Yu cannt prceed with the installatin if the Status f any f the rules is Failed. If the status f any rule is Failed, yur system des nt meet the minimum requirement f the crrespnding rule. Yu must update yur envirnment t meet the AvePint Perimeter Gelcatin database server system requirements, and then click the Rescan buttn t check yur envirnment again. If the status f any rule is Warning, yur system meets the minimum requirement f the crrespnding rule but des nt meet the recmmended cnditin. In this case, yu can still click Next t cnfigure the Gateway Cnfiguratin. If all f the rule statuses are Passed, yur system meets all f the recmmended cnditins in the AvePint Perimeter Gelcatin Database Installatin Wizard system requirements. Click Next t cnfigure the database settings fr the Gelcatin database. 10. AvePint Perimeter Manager supprts MS SQL databases nly, s nly MS SQL is available as the Database Type. Cnfigure the fllwing settings fr the Gelcatin database: a. Database Server The MS SQL Server name. *Nte: Ensure that SQL Server meets the SQL Server Requirements fr AvePint Perimeter Databases. b. Database Name Enter a database name fr the new Gelcatin database yu want t create in the MS SQL Database Server entered abve r the blank Gelcatin database yu want t ppulate the gegraphy lcatin infrmatin. c. Database Credentials Select the credentials fr this Gelcatin database. Windws Authenticatin (the default ptin) Use this methd if yu want the user s identity t be cnfirmed by Windws. By default, this accunt is the accunt used t run this installatin wizard and cannt be changed. As such, this accunt must have the dbcreatr server rle t the SQL Server that will cntain the new Gelcatin database and the db_wner database rle in the existing blank Gelcatin database. SQL Authenticatin SQL Server will cnfirm the user s identity accrding t the user s accunt and passwrd. The accunt must have the fllwing 45

46 permissins: db_wner database rle in the existing blank Gelcatin database r dbcreatr server rle in the SQL Server that will cntain the new Gelcatin database. 11. Click Next t prceed with the installatin, click Back t change any f the previus settings, r click Cancel t abandn all cnfiguratins and exit the installatin wizard. The installatin prcess displays via the prgress bar in the Installatin Prcess page. 12. Once the installatin cmpletes, click Finish t exit the installatin wizard. 13. After installing the Gelcatin database, perfrm a maintenance jb t reduce the database size. Cntact yur SQL Server database administratr fr yur rganizatin s guidelines n perfrming this step. Fr mre infrmatin n shrinking a database, refer t Micrsft s TechNet article, Shrink a Database. Installing AvePint Perimeter WOPI Hst Server T install the AvePint Perimeter WOPI Hst Server n a server, ensure that AvePint Perimeter WOPI Hst Server System Requirements are met and the user running the installatin wizard is a member f the lcal Administratrs grup f the current server. *Nte: If yu want t cnfigure the lad balance fr WOPI Hst Servers, yur WOPI Hsts must be cnfigured t use Office Online T install the AvePint Perimeter WOPI Hst Server, cmplete the fllwing steps: 1. Dwnlad the Manager ZIP file by requesting a dem versin r by cntacting an AvePint representative fr links t this package. 2. Extract the package. 3. In the extracted AvePint Perimeter Manager directry, duble-click the Setup.exe file. The Welcme screen appears. 4. Click Install WOPI Hst Server. 5. Carefully review the License Agreement. 6. After yu have read the agreement, select the I accept the terms in the license agreement checkbx, and click Next. 7. Click Brwse. 8. Select the lcatin fr the WOPI Hst Server installatin. The default installatin lcatin is C:\Prgram Files\AvePint. Click Next. 9. Perimeter perfrms a brief pre-scan f the envirnment t ensure that yur system meets the AvePint Perimeter WOPI Hst Server system requirements. The status fr each rule is listed in the Status clumn. Click the status hyperlink t view detailed infrmatin n the scan results, r click Details t view detailed infrmatin n all f the requirements. *Nte: Yu cannt prceed with the installatin if the Status f any f the rules is Failed. 46

47 If the status f any rule is Failed, yur system des nt meet the minimum requirement f the crrespnding rule. Yu must update yur envirnment t meet the AvePint Perimeter WOPI Hst Server system requirements, and then click the Rescan buttn t check yur envirnment again. If the status f any rule is Warning, yur system meets the minimum requirement f the crrespnding rule but des nt meet the recmmended cnditin. In this case, yu can still click Next t cnfigure the WOPI Hst Server Cnfiguratin. If all f the rule statuses are Passed, yur system meets all f the recmmended cnditins in the AvePint Perimeter WOPI Hst Server system requirements. Click Next t cnfigure the WOPI Hst Server Cnfiguratin. 10. Set up the WOPI Hst Server Cnfiguratin: a. WOPI Hst Server Hst Enter the current machine s hstname, IP address, r fully qualified dmain name (FQDN). *Nte: Ensure that the WOPI Hst Server hst can cmmunicate with all f the Agent machines thrugh the entered hstname, IP address, r FDQN. b. IIS Website Settings Cnfigure the IIS website settings fr the AvePint Perimeter WOPI Hst Server. Create a new IIS website that will be used t access the AvePint Perimeter WOPI Hst Server. Create a new IIS Website Enter the website name and create a new IIS website fr the WOPI Hst Server. D nt change the default website prt (16005) used t access the WOPI Hst Server unless a prt cnflict exists. Website Prt Enter the WOPI Hst Server cmmunicatin prt. The default prt is *Nte: If yu change the prt after the installatin cmpletes, g t the \AvePint\Perimeter\WpiServer\bin\cnfig directry n the server where Perimeter WOPI Hst Server is installed, find the AppSettings.Cnfig file, make the same change t the value f the CntrlPrt attribute in the AppSettings.cnfig file, and then restart the IIS website. Otherwise, Perimeter features cannt wrk well. c. Applicatin Pl Settings Create a new IIS applicatin pl fr the WOPI Hst Server s website. The applicatin pl is used t handle requests that are sent t the WOPI Hst Server s website. Create a new applicatin pl Enter the name fr a new IIS applicatin pl yu want t create fr the WOPI Hst Server s website. Applicatin Pl Accunt Enter the username and passwrd f the accunt used t create the new applicatin pl. d. Click Next t cnfigure the database settings fr the WOPI Hst Server. 47

48 11. T ensure that the WOPI Hst Server can wrk prperly, yu must ensure the WOPI Hst Server is cnnected t the same Manager Cnfiguratin database cnfigured fr yur Perimeter Manager. AvePint Perimeter Manager Cnfiguratin database supprts MS SQL databases nly, s nly MS SQL is available as the Database Type. Cnfigure the fllwing settings fr cnnecting the WOPI Hst Server t the Manager Cnfiguratin database: a. Database Server The MS SQL Server which cntains the Manager Cnfiguratin database used by the Perimeter Manager. b. Database Name Enter the database name fr the Manager Cnfiguratin database used by the Perimeter Manager. c. Database Credentials Select the credentials fr this Manager Cnfiguratin database. Windws Authenticatin (the default ptin) Use this methd if yu want the user s identity t be cnfirmed by Windws. By default, this accunt is the applicatin pl accunt chsen in the previus step and cannt be changed. As such, this accunt must have the db_wner database rle in the Manager Cnfiguratin database specified abve. SQL Authenticatin SQL Server will cnfirm the user s identity accrding t the user s accunt and passwrd. The accunt must have the db_wner database rle in the Manager Cnfiguratin database specified abve. 12. Click Next t prceed with the installatin, click Back t change any f the previus settings, r click Cancel t abandn all cnfiguratins and exit the installatin wizard. The installatin prcess displays via the prgress bar in the Installatin Prcess page. 13. Once the installatin cmpletes, click Finish t exit the installatin wizard. 48

49 Setting Up Yur Firewall t Unblck Specific Prts The firewall mnitrs and restricts the netwrk traffic. Add the exceptins fr the fllwing prts t allw the cnnectins. Surce Destinatin Prts Cmments Prtcl Directin Admin cnsle Perimeter Cnnect Management Cnsle with TCP Tw Ways Manager/Internal Prtal Server web brwser External Users Office Web App 443 HTTPS cnnectin t OWA Server TCP One Way Server External Users Perimeter External HTTPS cnnectin t Perimeter TCP One Way Prtal Server Gateway (r thrugh Reverse Prxy) Office Web App Server Perimeter WOPI Hst Server Custmizable in WOPI Hst Server installatin TCP One Way Perimeter External Prtal Server Perimeter External Prtal Server Perimeter External Prtal Server Perimeter External Prtal Server Perimeter External Prtal Server Perimeter External Prtal Server Active Directry Dmain Cntrller SMTP/Exchange Server Shared File Lcatin SharePint Web frnt-end server with Perimeter Agent installed SharePint Web frnt-end server Perimeter Manager/Internal Prtal Server Depend n cnfiguratin Active Directry Prts TCP/UDP One Way 587 SMTP Prt (Default Prt: 587) TCP One Way 445 SMB Prts (Default Prt: 445) TCP One Way Custmizable in Perimeter Agent installatin *Nte: If yu have islated the SharePint Web frnt-end server frm the External Prtal server, this prt will nt be used. Fr details, refer t Islating SharePint Web Frnt-End Server frm Perimeter External Prtal and Gateway Server. 80/443 SharePint Web Applicatin Prts (Default Prt: 80/443) *Nte: If yu have islated the SharePint Web frnt-end server frm the External Prtal server, this prt will nt be used. Fr details, refer t Islating SharePint Web Frnt-End Server frm Perimeter External Prtal and Gateway Server External Prtal server uses this prt t cnnect Manager/Internal Prtal server fr data checking and dwnlad file frm SharePint TCP Http/https TCP One Way One Way Tw Ways

50 Surce Destinatin Prts Cmments Prtcl Directin Perimeter SQL Server 1433 SQL Prts (Default Prt: 1433) TCP One Way External Prtal Server Perimeter Manager/Internal Prtal Server TCP One Way Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Perimeter Manager/Internal Prtal Server Apple Push Ntificatin service (APNs) External (Apple) Ggle Clud Messaging (GCM) Active Directry Dmain Cntrller 2195 AvePint Perimeter Manager sends real-time push ntificatins t ios devices via the Apple Push Ntificatin service (APNs). After the Manager installatin cmpletes, yu need t cnfigure the firewall f yur Manager server t allw APNs traffic t get past yur firewall. 5228, 5229, 5230, r 443 Depend n cnfiguratin GCM des nt prvide specific IP addresses, s yu must allw yur firewall t accept utging cnnectins t all f the IP addresses cntained in the IP blcks listed in Ggle's ASN f TCP prts: 5228, 5229, and GCM typically nly uses 5228, but it smetimes uses 5229 and The newer versins f Andrid als fall back t prt 443 if prts are blcked by a firewall. TCP One Way Active Directry Prts TCP/UDP One Way SQL Server 1433 SQL Prts (Default Prt: 1433) TCP One Way SMTP/Exchange server Perimeter WOPI Hst Server Perimeter External Prtal Server Shared File Lcatin SharePint Web frnt-end server 587 SMTP Prt (Default Prt: 587) TCP One Way Custmizable in the WOPI Hst Server installatin, and required fr testing the cnnectin t WOPI Hst Server and cllecting diagnstic lg file Custmizable in the External Prtal installatin and required fr testing the cnnectin t External Prtal server and cllecting diagnstic lg file 445 SMB prts used by Perimeter manager t check shared file lcatin TCP TCP TCP One Way One Way One Way 80/443 SharePint Web Applicatin Prts TCP One Way 50

51 Surce Destinatin Prts Cmments Prtcl Directin Perimeter SharePint Web Perimeter Manager cmmunicates with TCP One Way Manager/Internal Prtal Server frnt-end server with Perimeter Agent installed Perimeter Agent Perimeter WOPI SQL Server 1433 SQL Prts (Default Prt: 1433) TCP One Way Hst Server Perimeter WOPI SMTP/Exchange 587 SMTP prt (Default Prt: 587) TCP One Way Hst Server server Perimeter WOPI SharePint Web 80/443 SharePint Web Applicatin Prts TCP One Way Hst Server frnt-end server (Default Prt: 80/443) Perimeter WOPI Hst Server Shared File Lcatin 445 SMB prts used by WOPI Hst server t access shared file lcatin TCP One Way Perimeter WOPI Hst Server SharePint Web frnt-end server with Perimeter Agent installed SharePint Web frnt-end server with Perimeter Agent installed Perimeter Manager/Internal Prtal Server Custmizable in Perimeter Agent installatin Perimeter Agent replies t Perimeter Manager TCP TCP One Way One Way 51

52 Cnfiguring the Integratin f the External Prtal and SAP Jam Grup AvePint prvides an XML file s that SAP Jam grup wner can use this file in the OpenScial Gadget t enable the integratin. The URL f that XML file is in the frmat f After yu have finished the installatin f all Perimeter cmpnents, yu must g t a cnfiguratin file t update that URL with yur external prtal hstname and prt number. Cmplete the steps belw: 1. Navigate t the \AvePint\Perimeter\Manager\files directry n the server where Perimeter External Prtal is installed. 2. Open the PerimeterList.xml file using Ntepad. 3. Find the actin = ' attribute in this file, and change the External Prtal hstname and prt number t the value f this attribute. 4. Save the mdificatin and clse the file. Updating Database Credentials Cmplete the steps belw t update the access credentials fr the Perimeter Manager database r External Prtal and Gateway database. 1. Find the Cmmand Prmpt n the server where the Perimeter Manager r the External Prtal and Gateway has been installed. 2. Right-click Cmmand Prmpt, and then select Run as administratr in the drp-dwn list. 3. Enter the full path f the PerimeterManagerPstInstall.exe file in the bin flder under the installatin path f Perimeter Manager server r the External Prtal and Gateway server. 4. Enter s and then press Enter t display the access infrmatin. 5. Enter PerimeterManagerPstInstall.exe c false username. Replace the username with the user yu want t use in the future. Fllw the message t enter the passwrd f the user. *Nte: If yu want t use Windws Authenticatin t access databases, enter PerimeterManagerPstInstall.exe c true. 6. Exit the Cmmand Prmpt windw after the executin cmpletes.

53 Islating SharePint Web Frnt-End Server frm Perimeter External Prtal and Gateway Server T islate the SharePint Web frnt-end servers that have Perimeter Agent installed frm the Perimeter External Prtal & Gateway server and use the Perimeter Manager & Internal Prtal server t cmmunicate with the SharePint Web frnt-end servers, cmplete the steps belw: 1. G t the \AvePint\Perimeter\GatewayPrtal\bin\Cnfig directry n the server where Perimeter External Prtal and Gateway is installed. 2. Find the AppSettings.cnfig file and pen it with Ntepad. 3. Add the <add key= IslateExPrtalSP value= true /> nde int the <appsettings></appsettings> nde. 4. Save the cnfiguratins and clse this file. 5. Restart the IIS service n the External Prtal and Gateway server. 53

54 Updating AvePint Perimeter T update yur Perimeter system t Perimeter 1.9.1, yu must update the Perimeter Manager, Gateway, Prtal, and Agents via the Upgrade slutin tl. The upgrade slutin tl is an autmated tl that enables yu t directly update Perimeter t the latest versin. This tl is prvided in the update patch AvePint_Perimeter_1.0_SP9_CU1.zip. *Nte: If yu have changed the AvePint Perimeter s IIS website names r applicatin pl names after the installatin f the Manager, External Prtal and Gateway, and WOPI Hst Server cmpleted, yu must mdify the infrmatin in specific cnfiguratin files as well befre yu start the update prgress. Fr details, refer t Befre Getting Started with the Update. If yu purchased AvePint Perimeter Pr and are using the Secured Share slutin, refer t Updating AvePint Perimeter Pr Secured Share Slutin after updating the Perimeter cmpnents listed belw. Befre Getting Started with the Update If yu have changed the IIS website names r applicatin pl names fr Perimeter Manager, External Prtal and Gateway, r WOPI Hst Server after the installatin cmpleted, yu must make the same changes in the PerimeterManagerPstInstall.Cnfig file. Otherwise, the update may fail. T check and edit the pst installatin infrmatin, cmplete the steps belw: 1. G t the bin flder under the installatin path f Perimeter Manager server, External Prtal and Gateway server, and the WOPI Hst Server. The default Manager installatin path is \AvePint\Perimeter\Manager; the default External Prtal and Gateway installatin path is \AvePint\Perimeter\GatewayPrtal; the default WOPI Hst Server installatin path is \AvePint\Perimeter\WpiServer. 2. Find the PerimeterManagerPstInstall.Cnfig file and pen it with Ntepad. 3. Cnfirm r edit the values f the WebSiteName attribute and the AppPlName attribute t ensure that these values are same as the website names and applicatin pl names listed in IIS Manager. 4. Save the changes and clse the file. Updating AvePint Perimeter Manager and Agent Cmpnents Using the Perimeter Upgrade Slutin This sectin explains hw t update Perimeter Manager and Agent cmpnents using the upgrade slutin tl. T use this tl, run the tl n the AvePint Perimeter Manager server. The user running this tl must be a member f the lcal Administratrs grup n the Perimeter Manager server. 54

55 Launching the Perimeter Upgrade Slutin The Perimeter Upgrade Slutin is included in yur Perimeter update package. Fllw the steps belw t launch the Perimeter Upgrade Slutin: 1. Dwnlad the AvePint_Perimeter_1.0_SP9_CU1.zip flder by cntacting an AvePint representative. 2. Cpy the dwnladed AvePint_Perimeter_1.0_SP9_CU1.zip file t the AvePint Perimeter Manager server r AvePint Perimeter External Prtal and Gateway server f the Perimeter system t be updated. 3. Extract the AvePint_Perimeter_1.0_SP9_CU1.zip flder. 4. Open the extracted AvePint_Perimeter_1.0_SP9_CU1 flder and duble-click the RunUpgrade.bat file t start the Perimeter Upgrade Slutin. The Requirement Pre-Scan interface fr updating AvePint Perimeter appears, and the Requirement Pre-Scan starts autmatically. Fr details n the Requirement Pre-Scan, see the next sectin Running the Requirement Pre-Scan. Running the Requirement Pre-Scan In the Requirement Pre-Scan interface, the Perimeter Upgrade Slutin autmatically scans yur envirnment t ensure the fllwing requirements are met: Net.TCP Prt Sharing Service is running This requirement ensures that the AvePint Perimeter services can share the prts fr cmmunicatin during the upgrade. Checking if the AvePint Perimeter Manager Service is running This requirement ensures that the AvePint Perimeter Manager Service is running n the AvePint Perimeter Manager server. Checking if the adapter fr AvePint Perimeter Manager Service is installed This requirement ensures that the AvePint Perimeter Manager Service adapter is installed n the current server. The Perimeter Upgrade Slutin uses this adapter t retrieve infrmatin frm the AvePint Perimeter Manager Service. Yu cannt advance t the next step if any f the requirements have a Status f Failed. If any f the requirements have a Failed status, update yur envirnment and then click the Retry Scan buttn t scan yur envirnment again. Once all f the requirements have a Passed status, click Cntinue. Prceed t the next sectin in this guide. Cnfiguring Service Cnnectin Cnfigure the service hst t cnnect the lcal hst t the service yu want t update. Cmplete the fllwing settings: 55

56 Lcal Hst Cnfirm the lcal hstname r IP address f the server that is running this update. Service Hst Cnfirm the hstname r IP address f the server where the service yu want t update resides. Service Prt Cnfirm the prt number fr cnnecting t this service. Click Cntinue. Refer t the next sectin fr instructins. Cnfiguring Update Settings The Update Settings interface allws yu t view and custmize the general settings in the Perimeter Upgrade Slutin. T access Update Settings, click the settings ( ) buttn in the upper-right crner f the Perimeter Upgrade Slutin interface. In the Update Settings interface, yu can view the fllwing settings: Patch Strage Lcatin The lcatin t stre the update patches imprted frm the lcal system. The default path is the \PatchManager\PatchFlder directry under the extracted flder n the lcal system. Update Prt The prt used t cmmunicate with the Perimeter Service hst servers during the update prcesses. The default update prt is Yu can use the default Update Settings, r custmize these Update Settings by cmpleting the fllwing steps: 1. Patch Strage Lcatin Select the desired lcatin t stre the update patches imprted frm the lcal system by cmpleting the fllwing steps: a. Click the Brwse buttn. The Brwse Fr Flder windw appears. b. Select the desired flder and click OK. *Nte: Yu must ensure the current lgn user has Write permissins in the selected flder. 2. Update Prt Enter the desired prt int the Update Prt text bx fr cmmunicating with the Perimeter Service hst servers during the update prcesses and click Test t verify whether the entered prt is available. 3. Click Save t save the cnfiguratins. Updating Services The Upgrade interface prvides a wizard fr installing an update patch n the Perimeter Service hst servers. T use the Upgrade wizard fr updating services, cmplete the fllwing steps: 1. Access the Upgrade wizard by clicking Upgrade in the AvePint Perimeter hmepage, r clicking Upgrade n the ribbn. 56

57 2. In the Step 1. Patch Selectin interface, yu will imprt update patches frm yur server and select the update patch fr updating AvePint Perimeter: a. Click Imprt Patch. The Open windw appears. b. Select the desired update patch and click Open. The Perimeter Upgrade Slutin will imprt the selected update patch t the Patch Strage Lcatin cnfigured in the Update Settings interface. After the selected patch is successfully imprted, yu can view the detailed infrmatin f the imprted patch in the viewing pane, including the patch name, type, versin, size and last installatin time. T view the prduct versins that can be updated via installing an update patch, select the patch in the viewing pane and click Supprted Versins n the ribbn. A pp-up windw appears, listing the supprted prduct versins f the selected update patch. T delete a previusly imprted update patch frm the lcal system, select the patch in the viewing pane and click Delete Patch n the ribbn. The riginal file and the crrespnding file stred in the Patch Strage Lcatin will be deleted at the same time. c. Select the update patch that will be used t update AvePint Perimeter in the viewing pane. d. Click Next. 3. In the Step 2. Service Selectin interface, all f AvePint Perimeter s installed services are displayed in the viewing pane, including the service hst address, service prt, current versin, service type, service status, and the installatin status f the update patch selected in the previus step. *Nte: Yu must ensure the selected service is started and the current versin f the selected service is included in the Supprted Versins f the update patch selected in the previus step. Select the services yu want t update in the viewing pane and click Next. Yu can select Manager cmpnents (Manager, External Prtal and Gateway, and WOPH Hst Server) and Agents at the same time t update the services tgether. 4. In the Step 3. Overview interface, the update patch selected in Step 1. Patch Selectin and services selected in Step 2. Service Selectin are displayed in the viewing pane. Review yur update selectins and click Install t start the installatin. *Nte: If a restart f the IIS service n the service hst is needed after the update patch installs, a pp-up message will ask yu if yu want t restart the IIS service immediately after installatin cmpletes, r d it manually later. 5. In the Step 4. Installatin Prgress interface, the installatin prgress is displayed via the prgress bar. In the viewing pane, yu can view the installatin prgress fr each service hst. T view the details f the installatin prgress n a specific service hst, click View Details in the Actin clumn f the crrespnding service hst and view the details in the pp-up windw. 6. Click Next. 57

58 7. In the Installatin Cmplete page, perfrm ne f the fllwing peratin: T exit this Perimeter Upgrade Slutin, click Finish. T use the Upgrade wizard t update ther services, click Cntinue Upgrade t g t the Step 1. Patch Selectin interface f the Upgrade wizard. T g t the AvePint Perimeter hmepage, click G t AvePint Perimeter. Viewing Update Histry After yu have installed r attempted t install patches t update AvePint Perimeter, yu can view the update histry f AvePint Perimeter and the installatin histry f imprted update patches in the View Histry interface. T access View Histry, click View Histry in the AvePint Perimeter hmepage r click View Histry n the ribbn. There are tw tabs in the View Histry interface: Patch On this tab, all f the patches yu have installed r attempted t install are displayed, including the patch name, type, versin, size and last installatin time f each patch. Fr details infrmatin n viewing the installatin histry f a specific patch, refer t Viewing Installatin Histry f Update Patches. Service On this tab, all f the services yu have updated r attempted t update are displayed, including the service hst, service type, service status, and update time f each service. Fr details infrmatin n viewing the update histry f a specific service, refer t Viewing Update Histry f Services. Viewing Installatin Histry f Update Patches T view the installatin histry f a specific update patch, cmplete the fllwing steps: 1. Click the Patch tab. 2. On the Patch tab, select the update patch whse installatin histry yu want t view and click View Histry in the Actin clumn. The Installatin Histry interface fr the selected patch appears. 3. In the Installatin Histry interface, all f the services where this patch has been installed r attempted t install are displayed, including the service hst, service type, installatin status, installatin time f each service. T view the details f the installatin prgress f the selected patch n a specific service, select the desired service and click View Details in the Actin clumn. The View Histry interface appears, displaying the details f the installing the selected patch n the selected service. Viewing Update Histry f Services T view the update histry f a specific service, cmplete the fllwing steps: 1. Click the Service tab. 58

59 2. On the Service tab, select the service whse update histry yu want t view and click View Histry in the Actin clumn. The Update Service Histry interface fr the selected patch appears. 3. In the Update Service Histry interface, all f the patches yu have installed r attempted t install n this service are displayed, including the patch name, patch versin, installatin status, installatin time f each patch. T view the details f the update histry f a specific service by installing a specific update patch, select the desired patch and click View Details in the Actin clumn. The View Histry interface appears, displaying the details f the installing the selected patch n the selected service. Updating AvePint Perimeter Pr Secured Share Slutin If yu have deplyed the AvePint Perimeter Pr Secured Share slutin in yur SharePint farm, yu must remve the previusly deplyed slutin frm the farm and then deply the new AvePint Perimeter slutin. T update the AvePint Perimeter Pr Secured Share slutin in yur SharePint farm, fllw the steps belw t remve the previusly deplyed slutin and then deply the new versin s slutin: 1. G t the Central Administratin interface f yur SharePint farm and navigate t System Settings > Manage farm slutins t access the Slutin Management interface. 2. Click the link f the slutin. The Slutin Prperties page appears. 3. Click Retract Slutin t retract the slutin frm the farm. The Retract Slutin page appears. 4. Click OK and return t the Slutin Management page. 5. After the status f the slutin becmes Nt Deplyed, click the link f the slutin. The Slutin Prperties page appears. 6. Click Remve Slutin and click OK in the windw t remve the slutin frm the SharePint farm. After the slutin is remved, the slutin is n lnger displayed in the Slutin Management page. 7. Deply the new AvePint Perimeter Pr Secured Share slutin f Perimeter t yur SharePint farm. Fr details, refer t Deplying and Activating the AvePint Perimeter Secured Share Feature. 8. After the AvePint Perimeter Pr Secured Share slutin is successfully updated t Perimeter 1.9.1, yu als need t update the data f the files that were shared via the previusly deplyed Secured Share feature within yur SharePint farm t ensure these files can be prperly accessed and managed in Perimeter T update the data f the secured shared files, manually run a Secure share maintenance timer jb in Perimeter Manager > Cnfigure > Timer Jb Definitin. Fr detailed infrmatin n manually running a timer jb, refer t Mnitring Timer Jb Definitin. 59

60 Lgging int AvePint Perimeter Management Cnsle fr the First Time T access AvePint Perimeter Manager, ensure yur brwser is included in the Supprted Brwsers fr AvePint Perimeter Manager. In AvePint Perimeter Manager, multiple administratr accunts may be cnfigured in the Accunt Manager. Hwever, when lgging int AvePint Perimeter Manager fr the first time, yu must lg in using the built-in administratr accunt credentials shwn belw: Lgin ID: admin Passwrd: admin By default, the built-in administratr accunt has the Secure Share Cntrl permissin level in Perimeter Management Cnsle. In the Lgin page f the Perimeter Management Cnsle, yu can select the Remember my lgin ptin t let the Management Cnsle remember yur lgin credentials, which will allw yu t autmatically lg int the Management Cnsle withut prviding yur lgin credentials in a specific time range. T enable this feature, cnfigure the settings in the AppSettings.cnfig file. Fr details n enabling this feature and custmize the time range, refer t Remembering the Lgin Credentials fr Autmatic Sign- In. *Nte: If yur Perimeter envirnment is updated frm Perimeter 1.7 r earlier, the permissins f the existing Perimeter administratrs will be the same as befre. Changing Yur Passwrd Since AvePint Perimeter is a security prduct, AvePint highly recmmends that yu change this passwrd upn initial lgin regardless f whether yu are trialing the prduct r installing it nt a prductin envirnment. Cmplete the steps belw t edit yur accunt settings and change yur passwrd. 1. When yu lg int the Perimeter Manager GUI, the currently lgged-n user will be displayed at the tp right crner f the Perimeter interface. Click the current username. A drp-dwn list appears. Click My Settings and enter the My Settings page. 2. In the My Settings interface, yu can view the detailed infrmatin f the current lgged-n user and the Administratin grups it belngs t. Click Edit n the ribbn. 3. In the Passwrd Settings field, select the Change my passwrd ptin. If ne user des nt have the permissin t change the passwrd, the passwrd field is dimmed ut. Prvide yur Old passwrd and enter and cnfirm yur new passwrd. 60

61 4. After yu finish the cnfiguratin, click Save t save yur changes and exit the My Settings page. Remembering the Lgin Credentials fr Autmatic Sign-In By default, if yu select the Remember my Lgin ptin n the Perimeter Management Cnsle Lgin page, nly yur accunt name will be remembered. If yu want t allw the Perimeter Management Cnsle t remember yur lgin credentials (username and passwrd) s that the users can autmatically lg int the Management Cnsle within a specific time range, cmplete the steps belw: 1. G t the \AvePint\Perimeter\Manager\bin\Cnfig directry n the server where the Perimeter Manager is installed. 2. Find the AppSettings.cnfig file and pen it with Ntepad. 3. Add the <add key= keepmesignin value= true /> nde int the <appsettings></appsettings> nde. With the value set t true, selecting the Remember my Lgin ptin will allw the Management Cnsle t remember yur lgin credentials and keep yu signed in within 8 hurs by default. 4. T change the time range, find the <add key= keepmesigninhurs value= 8 /> nde. Enter anther integer fr the value attribute. The unit f time is Hur. 5. Save the cnfiguratins and clse this file. 61

62 Overview f the Cnfiguratins in the AvePint Perimeter Management Cnsle After yu lgged int the Perimeter Management Cnsle as the Perimeter administratr, yu can get started with Cnfiguring Perimeter General Settings r add ther administratr accunts int the Management Cnsle and cntrl their activities in the Management Cnsle by granting them specific permissin levels. AvePint Perimeter prvides nly tw default permissin levels: Full Cntrl and Secure Share Cntrl. The built-in administratr accunt is granted the Secure Share Cntrl permissin level by default. The Secure Share Cntrl permissin level nly prvides users with access t the basic settings f using Perimeter and the Secure Share related cnfiguratins; The Full Cntrl permissin level allws users t access any settings in the Perimeter Management Cnsle. Fr details n managing administratr accunts and the permissin levels, refer t Cnfiguring Admin Accunts. The Hme page f the Perimeter Management Cnsle lists all f the basic settings required fr using Secure Share and the cnfiguratins that enhance the use f the Secure Share feature. Refer t Cnfiguring Perimeter Secure Share Pr Features fr the verview f deplying and using the Secure Share feature, and refer t Cnfiguring Cntent Access Cntrl t SharePint Sites fr the instructins n cntrlling and mnitring access t the SharePint sites. Cnfiguring Perimeter General Settings T wrk with Perimeter, yu must cmplete the fllwing general settings: 1. Cnfiguring General Settings 2. Cnfiguring Ntificatin Settings 3. Cnfiguring Windws Phne Lg Lcatin (Optinal) 4. Request and cnfigure a Bing Maps key, if yu want t use Bing Maps in Perimeter fr lcatin services. Fr details, refer t Applying the Bing Maps Key. Cnfiguring Perimeter Secure Share Pr Features After Cnfiguring Perimeter General Settings, fllw the steps belw t cnfigure the AvePint Perimeter Pr Secured Share and Virtual Views features. Click the links t jump t the crrespnding sectins fr detailed instructins. 1. T enable internal users f yur rganizatin t share files with thers via the AvePint Perimeter Secured Share feature within SharePint sites, cmplete the fllwing settings: 62

63 a. Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2016 Farm, Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2013 Farm, r Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2010 Farm b. Activating the AvePint Perimeter Secured Share Feature 2. T cnfigure settings fr managing Secure Share feature, yu can perfrm the fllwing actins: Cnfiguring System Credentials Cnfiguring Shared File Lcatin Cnfiguring Office Web Apps Server Settings Cnfiguring Secure Share Cntrl Plicy Allwing SharePint Permissins t Decide the Available Permissin Levels Cnfiguring Watermark Settings Cnfiguring Cntent Access Cntrl fr Secure Share Cnfiguring Secure Share Optins and Custmizatins Sending Secured Share Ntificatin as the Shared by User Enabling Update Ntificatin Custmizing the Threshld fr Sending Reminder Ntificatins fr Lcked Shared Files n the External Prtal Allwing Users that are nt Shared With t Sign Up t the External Prtal Defining the Default Expiratin Duratin fr Secure Share via CONFIG File Defining the Minimum Interval fr Sending a One-Time Access Passcde Cnfiguring External User Passwrd Plicy 3. T view and manage all f the files shared via the AvePint Perimeter Secured Share feature, use the Manage Shared Files feature in Perimeter Manager. Fr details, see Managing Shared Files. 4. T share SharePint files with grups f users based n predefined criteria via the Virtual Views feature in AvePint Perimeter Manager, cmplete the fllwing settings: a. Managing User Access Grups b. Cnfiguring Virtual Views fr Sharing Files in Bulk c. Sharing Virtual Views with User Access Grups 63

64 Cnfiguring Cntent Access Cntrl t SharePint Sites After Cnfiguring Perimeter General Settings, fllw the steps belw t deply cntent access cntrl n yur SharePint envirnment. Click the links t jump t the crrespnding sectins fr detailed instructins. 1. First, enrll mbile devices int this AvePint Perimeter management system. This allws yu t manage mbile device access and cnfigure cntent access cntrl features fr yur SharePint envirnment. Fr detailed instructins, refer t Sending an Individual Device Enrllment Request. 2. T cntrl cntent access t yur envirnment via any device, cmplete the fllwing settings: *Nte: T use the Lcatin Type and Lcatin cnditins while cnfiguring rules fr Cntent Access Plicy features, cnfigure the settings in steps a, b, and c befre perfrming step d. a. Cnfiguring Gelcatin Database Cnnectin (ptinal) b. Cnfiguring Lcatin Grups (ptinal) c. Cnfiguring Lcatins (ptinal) *Nte: In rder t set cntent access plicies fr a particular user/device, that device must be enrlled in this step. Fr infrmatin n enrlling devices, see Enrlling a Device. d. Cnfiguring Cntent Access Plicies 3. T publish SharePint sites fr secured accessing via enrlled devices based n pre-defined criteria, cmplete the fllwing settings: a. Managing Device Grups b. Cnfiguring Site Access Permissin fr Enrlled Devices 4. T mnitr end-user activity and lcatins within yur envirnment via Burglar Alarm Rules, cmplete the fllwing settings: *Nte: T use Dcument Activity Burglar Alarm rules which mnitr user activities using the same definitins as SharePint audit events (Fr details n these activities, refer t Types f Burglar Alarm Rules), cnfigure the settings in steps a,b, and c befre perfrming step d. a. Cnfiguring SharePint Audit Settings fr Dcument Activity Rules at the Web Applicatin r Site Cllectin Level (ptinal) b. Retrieving Audit Data fr Dcument Activity Rules (ptinal) c. Cnfiguring Dcument Activity Cllectins (ptinal) d. Cnfiguring and Applying Burglar Alarm Rules 64

65 Deplying and Activating the AvePint Perimeter Secured Share Feature Prir t using the AvePint Perimeter Secured Share feature in yur SharePint farm, yu must deply the AvePintPerimeterSecureShare.wsp slutin n yur SharePint farm. The sectins belw ffer detailed instructins n deplying and activating the AvePint Perimeter Secured Share feature t SharePint farms. Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2016 Farm T deply the AvePintPeirmeterSecureShare2016.wsp slutin n yur SharePint 2016 farm, cmplete the steps belw: 1. Lg int the Agent server which is the Web frnt-end server f the SharePint farm where yu want t deply the AvePintPerimeterSecureShare2016.wsp slutin as a member f the Lcal Administratrs grup f the lcal cmputer and a member f the Farm Administratrs f yur SharePint farm. 2. Navigate t Start > All Prgrams > Micrsft SharePint 2016 Prducts. 3. Right-click n SharePint 2016 Management Shell and select Run as administratr. 4. In the Administratr: SharePint 2016 Management Shell cmmand line interface, enter and run the fllwing cmmand: add-spslutin 5. Enter the path f the AvePintPerimeterSecureShare2016.wsp file fr the LiteralPath parameter and press Enter t start installing the AvePintPerimeterSecureShare2016.wsp slutin n yur SharePint farm. The AvePintPerimeterSecureShare2016.wsp slutin file is stred in the \bin\secureshare\2016 flder under the installatin path f the Perimeter Agent. The default path is \Prgram Files\AvePint\Perimeter\Agent\bin\SecureShare\2016\AvePintPerimeterSecureShare2016.wsp. When the cmmand is successfully executed, the AvePintPerimeterSecureShare2016.wsp slutin is installed n yur SharePint farm. 6. T verify that the AvePintPerimeterSecureShare2016.wsp is installed n yur SharePint farm, navigate t Central Administratin > System Settings > Manage farm slutins in SharePint t access the Slutin Management page. Yu can view the avepintperimetersecureshare2016.wsp in the Slutin Management page. 7. T deply the avepintperimetersecureshare2016.wsp slutin n yur SharePint farm, click the avepintperimetersecureshare2016.wsp slutin t access the Slutin Prperties page. 8. Click Deply Slutin. The Deply Slutin page appears. 9. In the Deply When? field, select Nw. 65

66 10. In the Deply T? field, select All Cntent Web applicatins frm the drp-dwn list. 11. Click OK t start deplying the slutin. When the slutin is successfully deplyed, the Status f the avepintperimetersecureshare2016.wsp slutin in the Slutin Management page becmes Deplyed, and the Deply T clumn displays all f the cntent Web applicatins within this farm. Deplying the AvePint Perimeter Secure Share Slutin n a SharePint 2013 Farm In yur SharePint 2013 farm, there may be site cllectins in either SharePint 2013 experience versin r SharePint 2010 experience versin. If yu nly want t use the secure share feature in SharePint 2013 experience versin site cllectins, cmplete the steps belw t deply the AvePintPerimeterSecureShare.wsp slutin: 1. Lg int the Agent server which is the Web frnt-end server f the SharePint farm where yu want t deply the AvePintPerimeterSecureShare.wsp slutin as a member f the Lcal Administratrs grup f the lcal cmputer and a member f the Farm Administratrs f yur SharePint farm. 2. Navigate t Start > All Prgrams > Micrsft SharePint 2013 Prducts. 3. Right-click n SharePint 2013 Management Shell and select Run as administratr. 4. In the Administratr: SharePint 2013 Management Shell cmmand line interface, enter and run the fllwing cmmand: add-spslutin 5. Enter the path f the AvePintPerimeterSecureShare.wsp file fr the LiteralPath parameter and press Enter t start installing the AvePintPerimeterSecureShare.wsp slutin n yur SharePint farm. The AvePintPerimeterSecureShare.wsp slutin file is stred in the \bin\secureshare\2013 flder under the installatin path f the Perimeter Agent. The default 66

67 path is \Prgram Files\AvePint\Perimeter\Agent\bin\SecureShare\2013\AvePintPerimeterSecureShare.wsp. Figure 2: Administratr: SharePint 2013 Management Shell cmmand line interface. When the cmmand is successfully executed, the AvePintPerimeterSecureShare.wsp slutin is installed n yur SharePint. 6. T verify that the AvePintPerimeterSecureShare.wsp is installed n yur SharePint farm, navigate t Central Administratin > System Settings > Manage farm slutins in SharePint t access the Slutin Management page. Yu can view the avepintperimetersecureshare.wsp in the Slutin Management page. 7. T deply the avepintperimetersecureshare.wsp slutin n yur SharePint farm, click the avepintperimetersecureshare.wsp slutin t access the Slutin Prperties page. 8. Click Deply Slutin. The Deply Slutin page appears. 9. In the Deply When? field, select Nw. 10. In the Deply T? field, select All Cntent Web applicatins frm the drp-dwn list. 11. Click OK t start deplying the slutin. 12. When the slutin is successfully deplyed, the Status f the avepintperimetersecureshare.wsp slutin in the Slutin Management page becmes Deplyed, and the Deply T clumn displays all f the cntent Web applicatins within this farm. *Nte: If yu want t use the Secure Share feature in either SharePint 2010 experience versin site cllectins r SharePint 2013 experience versin site cllectins in a SharePint 2013 farm, yu must install and deply the slutin as fllws: 1. Lg int the Agent server which is the Web frnt-end server f the SharePint farm where yu want t deply the AvePintPerimeterSecureShare.wsp slutin as a member f the Lcal Administratrs grup f the lcal cmputer and a member f the Farm Administratrs f yur SharePint farm. 2. Navigate t Start > All Prgrams > Micrsft SharePint 2013 Prducts. 3. Right-click n SharePint 2013 Management Shell and select Run as administratr. 67

68 4. In the Administratr: SharePint 2013 Management Shell cmmand line interface, enter getspslutin and press Enter. Cpy the slutin ID frm the SlutinId clumn f AvePintPerimeterSecureShare.wsp 5. Enter the fllwing cmmands: Install-SPSlutin Identity SlutinId AllWebApplicatins GACDeplyment CmpatibilityLevel {14,15} *Nte: Enter the SlutinId that was cpied in Step 4 f AvePintPerimeterSecureShare.wsp slutin as the value f the Identity parameter. 6. When the cmmand is successfully executed, the AvePintPerimeterSecureShare.wsp slutin is installed n yur SharePint 2013 farm and deplyed t all f the Web applicatins cntaining the site cllectins in either the SharePint 2010 r SharePint 2013 experience versin. 68

69 Deplying the AvePint Perimeter Secured Share Slutin n a SharePint 2010 Farm T deply the AvePintPerimeterSecureShare2010.wsp slutin n yur SharePint 2010 farm, cmplete the fllwing steps: 1. Lg int the Agent server which is the Web frnt-end server f the SharePint farm where yu want t deply the AvePintPerimeterSecureShare2010.wsp slutin as a member f the Lcal Administratrs grup f the lcal cmputer and a member f the Farm Administratrs f yur SharePint farm. 2. Navigate t Start > All Prgrams > Micrsft SharePint 2010 Prducts. 3. Right-click n SharePint 2010 Management Shell and select Run as administratr. 4. In the Administratr: SharePint 2010 Management Shell cmmand line interface, enter and run the fllwing cmmand: add-spslutin 5. Enter the path f the AvePintPerimeterSecureShare2010.wsp file fr the LiteralPath parameter and press Enter t start installing the AvePintPerimeterSecureShare2010.wsp slutin n yur SharePint farm. The AvePintPerimeterSecureShare2010.wsp slutin file is stred in the \bin\secureshare\2010 flder under the installatin path f the Perimeter Agent. The default path is \Prgram Files\AvePint\Perimeter\Agent\bin\SecureShare\2010\AvePintPerimeterSecureShare2010.wsp. Figure 3: Installing the slutin in the Administratr: SharePint 2010 Management Shell cmmand line interface. When the cmmand is successfully executed, the AvePintPerimeterSecureShare2010.wsp slutin is installed n yur SharePint. 69

70 6. T verify that the AvePintPerimeterSecureShare2010.wsp is installed n yur SharePint farm, navigate t Central Administratin > System Settings > Manage farm slutins in SharePint t access the Slutin Management page. Yu can view the avepintperimetersecureshare2010.wsp in the Slutin Management page. 7. T deply the avepintperimetersecureshare2010.wsp slutin n yur SharePint farm, click avepintperimetersecureshare2010.wsp t access the Slutin Prperties page. 8. Click Deply Slutin. The Deply Slutin page appears. 9. In the Deply When? field, select Nw. 10. In the Deply T? field, select All Cntent Web applicatins frm the drp-dwn list. 11. Click OK t start deplying the slutin. 12. When the slutin is successfully deplyed, the Status f the avepintperimetersecureshare2010.wsp slutin in the Slutin Management page becmes Deplyed, and the Deply T clumn displays all f the cntent Web applicatins within this farm. Activating the AvePint Perimeter Secured Share Feature After the AvePintPerimeterSecureShare2016.wsp (fr SharePint 2016), AvePintPerimeterSecureShare.wsp (fr SharePint 2013), r avepintperimetersecureshare2010.wsp (fr SharePint 2010) slutin is deplyed t a Web applicatin, the AvePint Perimeter Secured Share feature is added t each site within the Web applicatin. T activate the AvePint Perimeter Secured Share feature in SharePint sites, select either f the fllwing methds: T activate the AvePint Perimeter Secured Share feature in ne site at a time, fllw the instructins in Activating the AvePint Perimeter Secured Share Feature in Site Settings. T activate the AvePint Perimeter Secured Share feature in all f the sites within site cllectins in bulk, fllw the instructins in Activating the AvePint Perimeter Secured Share Feature Using SharePint Management Shell Cmmand Lines. *Nte: If users wh d nt belng t the Active Directry dmain within yur SharePint farm can lg int sites using ADFS authenticatin, they can als use the AvePint Perimeter Secured Share feature t share files frm sites where this feature is active. T ensure that these users can prperly use the AvePint Perimeter Secured Share feature, yu must first synchrnize these users t the Perimeter system frm the dmain cntrller f the Active Directry dmain they reside in befre activating the AvePint Perimeter Secured Share feature in the site. T d this, use the Synchrnize Active Directry Users feature. Fr details, refer t Synchrnizing Active Directry Users. 70

71 Activating the AvePint Perimeter Secured Share Feature in Site Settings T activate the AvePint Perimeter Secured Share feature in a site, cmplete the steps belw: 1. Access the site fr which yu want t activate AvePint Perimeter Secured Share feature. In SharePint 2010, navigate t: Site Actins > Site Settings > Manage site features. In SharePint 2013 and SharePint 2016, navigate t: Settings Icn ( ) > Site Settings > Manage site features. 2. Click Activate next t the AvePint Perimeter Secured Share feature t enable the feature fr this site. 3. After activating the AvePint Perimeter Secured Share feature, the status f the feature reads Active in the Status clumn. 4. Click OK t save the change. Activating the AvePint Perimeter Secured Share Feature Using SharePint Management Shell Cmmand Lines T activate the AvePint Perimeter Secured Share feature in all f the sites within site cllectins in bulk, use the SharePint Management Shell by cmpleting the fllwing steps: 1. Lg int the Web frnt-end server that cntains the sites where yu want t activate the AvePint Perimeter Secured Share feature as a member f the lcal Administratrs grup. 2. Navigate t Start > All Prgrams > Micrsft SharePint 2016 Prducts/Micrsft SharePint 2013 Prducts/Micrsft SharePint 2010 Prducts. 3. Right-click n SharePint 2016 Management Shell/SharePint 2013 Management Shell/SharePint 2010 Management Shell and select Run as administratr. The Administratr: SharePint 2016 Management Shell/Administratr: SharePint 2013 Management Shell/Administratr: SharePint 2010 Management Shell cmmand line interface appears. 4. Enter the fllwing cmmand t get the URLs f the site cllectins where yu want t activate the AvePint Perimeter Secured Share feature in each child site and press Enter. $sites = Get-SPSite [ -limit all select url [ is used t filter the URLs f the desired site cllectins. In this case, this cmmand is used t get the URLs f all f the site cllectins within the Web applicatin. 5. Enter $sites and press Enter t display the URLs that the cmmand in step 4 generates. 6. Enter either f fllwing cmmands and press Enter t activate the AvePint Perimeter Secured Share feature in each site within the site cllectins whse URLs are displayed in step 5. T activate the AvePint Perimeter Secured Share feature in a SharePint 2013 r SharePint 2016 envirnment, enter freach ($site in $sites) {enablespfeature -identity "AvePintPerimeter_ES" -url $site.url} and press Enter. 71

72 T activate the AvePint Perimeter Secured Share feature in a SharePint 2010 envirnment, enter freach ($site in $sites) {enable-spfeature -identity "AvePintPerimeter2010_ES2010" -url $site.url} and press Enter. After the cmmand is executed successfully, the AvePint Perimeter Secured Share feature are activated in each site within the site cllectins gtten by the cmmand in step 4. Figure 4: Activating the AvePint Perimeter Secured Share Feature using SharePint Management Shell cmmand lines. 72

73 Dashbard Interface Fr an verview f the management system in a mre intuitive way, navigate t the Dashbard t view the charts f the All Access Lgs, Internal Users Last Lcatins, Access Lgs Per Platfrm (Last 7 Days), All Internal Devices, External Users Last Lcatins, and All External Devices. The Dashbard interface is nt available fr the users wh nly have the Secure Share Cntrl permissin level. Viewing All Access Lgs The All Access Lgs Graph displays all f the lgin sessins by day, week r mnth. The X-axis is the date, week r mnth. The Y-axis is the number f lgin sessins by day/week/mnth. Yu can click the previus ( ) buttn and the next ( ) buttn t turn the page t mre data f the previus perid r the next perid. Viewing Internal Users Last Lcatins The Users Last Lcatins bar chart displays the distributin f all f the internal users last lcatins. The Y-axis is the lcatin name and the X-axis is the user cunt f the crrespnding lcatin. Viewing Access Lgs Per Platfrm (Last 7 Days) The Access Lgs Per Platfrm (Last 7 Days) bar chart displays the platfrm distributin f the devices used in the lgin sessin in the last 7 days. The X-axis is the platfrm name and the Y-axis is the sessin cunt f the crrespnding platfrm. Viewing All Internal Devices The All Internal Devices ring chart displays the platfrm distributin f all f the enrlled internal devices (including internal users persnal devices and wrk-issued devices). The ring chart cnsists f parts with different clrs. Each clr refers t a type f platfrm. Yu can als hver yur cursr ver each part t view the cunt and percentage f the crrespnding platfrm s enrlled devices, r click n the part t view the detailed infrmatin f the crrespnding platfrm s enrlled devices. Viewing External Users Last Lcatins The External Users Last Lcatins bar chart displays the distributin f all f the external users last lcatins. The Y-axis is the lcatin name and the X-axis is the user cunt f the crrespnding lcatin. 73

74 Viewing All External Devices The All External Devices ring chart displays the platfrm distributin f all f the enrlled external users devices. The ring chart cnsists f parts with different clrs. Each clr refers t a kind f platfrm. Yu can als hver yur cursr ver each part t view the cunt and percentage f the crrespnding platfrm s enrlled devices, r click n the part t view the detailed infrmatin f the crrespnding platfrm s enrlled devices. 74

75 Cnfigure Menu The Cnfigure menu in AvePint Perimeter allws yu t custmize cnfiguratins that affect the entire AvePint Perimeter platfrm. Here yu can cnfigure the System Settings, Admin Accunts, Applicatin Settings, Mnitr, Secured Share, and Windws Phne Lgs. Cnfiguring System Settings System Settings includes the Agent Mnitr, Gelcatin Database and License Manager. Refer t sectins belw t view and manage yur Perimeter Agents and licenses. Using Agent Mnitr T access Agent Mnitr, navigate t the Cnfigure menu, and click Agent Mnitr under the System Settings heading. In Agent Mnitr, yu will see a list f the AvePint Perimeter Agents that have been registered t the current AvePint Perimeter Manager Service. Yu can custmize hw yur Agents are displayed in the fllwing ways: Manage Clumns Manages which clumns are displayed in the list by using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see will be shwn. Click the Manage Clumns, select the checkbxes next t the clumn names in the drp-dwn list, and then click OK t have the selected clumns shwn in the list. The clumns available fr selecting are: Agent Name The hst name f each registered Agent. Status The status f each registered Agent. Agent Hst The hst name/ip address cnfigured during the Perimeter Agent Installatin. Versin The AvePint Perimeter versin f each registered Agent. Farm Name The name f the farm where the Agent resides. Last Registratin Time The last registratin time f the Agent. Filter the clumn Filters which Agents are displayed in the list by Agent STATUS. Click the clumn name STATUS, select the checkbxes next t the status values, and click OK t have the crrespnding Agents shwn in the list. Srt the clumn ( ) T srt the Agents, click the clumn name f the AGENT NAME, FARM NAME, r LAST REGISTRATION TIME clumn and then select t srt the Agents in ascending r descending rder. Select an Agent by selecting the checkbx next t the Agent Name, and then click the pen menu buttn ( ) t the right f the AGENT NAME t select the actins yu want t perfrm r click the crrespnding buttns n the ribbn: 75

76 Cnfigure After yu select an Agent, this buttn becmes available. Click Cnfigure n the ribbn t access the Cnfigure interface. Here, yu can cnfigure the SharePint Accunt fr the Agent. SharePint Accunt The SharePint Accunt is used by the Perimeter Agent t prvide Perimeter with access and cntrl t yur SharePint envirnment. The default SharePint accunt is the Agent accunt cnfigured during the Agent Installatin. T cnfigure a new SharePint accunt fr the Perimeter Agent, enter the Username and Passwrd fr the desired accunt int the crrespnding text bx. The accunt cnfigured here must have the required permissins fr Agent accunt in the Permissin Requirements fr AvePint Perimeter Agent sectin f this guide. Click Validatin Test t see whether the values yu entered are valid, and then click Save t save the cnfiguratin. Restart Click Restart n the ribbn t restart the selected Perimeter Agent. This may be useful in situatins where the data transfer rate is sluggish, r if a running jb hangs. Remve If an Agent is dwn, click Remve t remve it frm this Perimeter management system. The remved Agent will n lnger be used by the Perimeter Manager. Nte that this des nt uninstall the Agent. If yu want t re-cnnect a remved Agent t the Manager, use the AvePint Perimeter Agent Cnfiguratin tl. Cnfiguring Gelcatin Database Cnnectin T access the Gelcatin Database, navigate t the Cnfigure menu, and click Gelcatin Database under the System Settings heading. In Gelcatin Database, yu can cnfigure the Gelcatin database cnnectin fr yur Perimeter Manager. If yu cnnect yur Perimeter Manager t a Gelcatin database, yu can define lcatin grups based n gegraphic and plitical bundary data frm the database withut relying n data retrieved frm external resurces like Bing Maps. Fr mre infrmatin n cnfiguring lcatin grups based n gegraphic and plitical bundaries, refer t Adding a New Gegraphic Lcatin Grup. T cnnect yur Perimeter Manager t an available Gelcatin database, cmplete the fllwing steps: 1. Cnfigure the settings in the Database Settings sectin: a. Database Type AvePint Perimeter Manager supprts MS SQL databases nly, s MS SQL is the nly available Database Type. b. Database Server The MS SQL Server name that cntains the Gelcatin database t which yu want t cnnect. c. Database Name Enter the database name fr the Gelcatin database t which yu want t cnnect. 76

77 2. Database Credentials Select the credentials t access this Gelcatin database. Windws Authenticatin (the default ptin) Use this methd if yu want the user s identity t be cnfirmed by Windws. By default, this accunt is the current lgn accunt f yur Perimeter Manager server cannt be changed. As such, this accunt must have the db_wner database rle in the Gelcatin database entered abve. SQL Authenticatin SQL Server will cnfirm the user s identity accrding t the user s accunt and passwrd. The accunt must have the db_wner database rle in the Gelcatin database entered abve. 3. Click Validatin Test t see whether the infrmatin yu entered are valid and click Save t save the cnfiguratins, r click Cancel t exit this page withut saving the cnfiguratins. Cnfiguring IP Lcatin Database Yu can cnfigure an IP lcatin database t allw Perimeter t lcate the users via IP address fr Secure Share cntent access cntrl. The IP lcatin database includes the IP2Lcatin LITE data. Mre infrmatin is available at T access the IP Lcatin Database, navigate t the Cnfigure menu, and click IP Lcatin Database under the System Settings heading. Cmplete the steps belw t cnfigure the IP Lcatin Database settings: 1. Select the Enable IP lcatin database ptin t enable the IP lcatin database settings. 2. In the Database Settings sectin, chse the crrespnding mde fr creating a new database r using an existing IP lcatin database. *Nte: The existing IP lcatin database must be a database f SQL Server. 3. Enter the hstname r IP address f the database server int the Database Server text bx, and enter the database name that yu want t create r use int the Database Name text bx. 4. In the Database Credentials sectin, select the authenticatin type f yur credentials used t access the database, and then click Validatin Test t test the cnnectin. 5. Click Create t create a new IP lcatin database r click Save t save the settings fr using an existing database. Using License Manager T access License Manager, navigate t the Cnfigure menu, and click License Manager under the System Settings heading. In License Manager, yu can view and manage the license infrmatin and the licensed users. *Nte: By default, there is a 30-day built-in trial license in the dwnladed package. This license ensures that yu can have AvePint Perimeter up and running right after the Manager and Agent installatin cmpletes. The license expires 30 days after the initial Perimeter Manager installatin. T btain an 77

78 fficial license, cntact yur lcal AvePint representative fr details. The fllwing users will cnsume the Perimeter license: the users wh use Secure Share feature t share items and the users wh enrll their devices. Viewing License Infrmatin In the License Manager interface, yu can view the fllwing infrmatin: License Type Shws whether yu have an Enterprise license. License Versin Shws the versin f the license. Ttal User Quantity The number f internal end-users that can be registered int the Perimeter management system using this license. T view the detail infrmatin n each registered internal user, g t the Manage Internal Users interface. Fr mre infrmatin n using the Manage Internal Users interface, refer t Managing Internal Users. Expiratin Time The expiratin time f yur license. Registered User Quantity The number f registered internal end-users within the current Perimeter management system with this license. Remaining User Quantity The remaining number f internal end-users that can be registered int the Perimeter management system with this license. Status Shws whether yur Perimeter license is wrking. Secured Share Shws whether yu have purchased the license fr the Pr features: the AvePint Perimeter Secured Share feature and the Virtual Views feature. Imprting and Exprting License Files In License Manager, yu can imprt a license file t apply a new license as well as exprt a license file t a lcal cmputer. T imprt a license file, cmplete the fllwing steps: 1. Click Imprt n the ribbn. The Imprt License interface appears. 2. In the Imprt License interface, click Brwse. 3. Find and chse the desired LIC file, then click Open. Click Preview t preview the details f the imprted license file. 4. Click Apply t apply this license, r click Cancel t return t the previus page withut applying this license. T exprt a license file, click Exprt n the ribbn. Yur brwser will prmpt yu t pen r save the LIC file. Click Save r Save as t save it t a designated lcatin. 78

79 Cnfigure License Expiratin Alert Settings If yu want t send license expiratin alerts by , enable the Send reminder feature in the Settings page and cnfigure the alert settings. Fllw the instructins belw: 1. In the License Manager page, click the Settings buttn n the ribbn. 2. In the Expiratin Settings sectin, select the Send reminder ptin t enable the alert. 3. Enter the addresses int the Reminder Recipients bx t receive the alert . Use semiclns (;) t separate the addresses. 4. In the Reminder Schedule field, yu can cnfigure when t start sending the alert. Enter a number int the bx t start sending alerts befre the specified number f days the license expires. Managing Licensed Users If yu want t view and manage licensed users, click Manage Licensed Users n the ribbn. In the Manage Licensed Users page, yu can view all f the licensed users and their basic infrmatin, search license users, remve inactive licensed users, r assign the license and sharing f inactive licensed users t ther users. Remve If yu want t remve the license frm an inactive user, select that user and click Remve n the ribbn. Yu can select multiple inactive users t remve their licenses in bulk. The devices they enrlled will be wiped and all f the secure shares shared by them will be deleted and they will n lnger be able t manage the shared items via Perimeter mbile app r Prtals. Assign If yu want t remve licensed users and assign their license and sharing t anther user, select thse users in the table and click Assign. In the Assign windw, enter a user in the bx and check the username. Yu can nly enter ne user t inherit the license and sharing. Click Assign. The devices f the selected licensed users will be wiped and all f secure shares shared by them will be assigned t the user yu entered. The selected licensed users will n lnger have access t the shared items thrugh Perimeter mbile app r Prtals. Cnfiguring External User Passwrd Plicy In the External User Passwrd Plicy page, yu can enable the passwrd plicy fr external users and chse the passwrd plicy yu want t enfrce n the external users passwrds when passwrds are being changed r created. Cmplete the steps belw t cnfigure the external user passwrd plicy: 79

80 1. T access External User Passwrd Plicy, navigate t the Cnfigure menu, and then click External User Passwrd Plicy under the System Settings heading. 2. In the External User Passwrd Plicy page, select the Enable passwrd plicy fr external users ptin t enfrce the passwrd plicy n external users passwrds. 3. In the Passwrd Strength field, select the type f passwrd plicy yu want t enfrce. Enfrce nly minimum length and passwrd lifespan With this ptin selected, external users passwrds nly need t meet the minimum passwrd length and the expiratin settings. Enfrce defined plicy AND the minimum length and passwrd lifespan With this ptin selected, the external users passwrds must meet the cmplexity requirement in additin t the minimum passwrd length and the expiratin settings. 4. Minimum Passwrd Length Enter a number between 6 and 14 int the text bx t define the minimum character length f external users passwrds 5. Passwrd Lifespan Select the N end date ptin if the external users passwrds are allwed t never expire, r select the Expire after ptin t define when the passwrd will expire after being created r changed. Expire after Enter an integer greater than zer int the text bx, and then select Days, Weeks, Mnths, r Years frm the drp-dwn list as the time unit. 6. Click Save t save yur cnfiguratin, r click Cancel t exit the External User Passwrd Plicy page withut saving any changes. Cnfiguring Admin Accunts The Admin Accunts interface allws yu t view and manage administratr accunts fr AvePint Perimeter, as well as cnfigure administratin grups with custm permissin levels. Here, yu can give specific users, r grups f users, yur desired permissin levels f access t AvePint Perimeter. It is imprtant t understand hw users, grups, and permissins wrk tgether in AvePint Perimeter: users are placed int grups, and grups are then assigned permissins. Only grups are assigned permissins, s yu must create at least ne grup and assign that grup permissins. T assign nly ne user a specific permissin level, create a grup, place that user in the grup, and then assign the grup the desired permissin level. Managing Permissin Levels Use Permissin Levels t create pre-cnfigured permissins that can be applied t user grups. This way yu can quickly and easily apply the same permissin cnfiguratin t multiple users. 80

81 T cnfigure permissin levels fr AvePint Perimeter, navigate t the Cnfigure menu, and then click Permissin Level under the Admin Accunts heading. In the Permissin Level interface, the tw default permissin levels and all previusly cnfigured permissin levels are displayed. Yu can custmize hw these permissin levels are displayed: Manage Clumns Click Manage Clumns in the upper-right crner, select the checkbxes next t the clumn names in the drp-dwn list, and click OK t have the selected clumns shwn in the list. The clumns available fr selecting are: Name The name f the permissin level. Descriptin The descriptin f the permissin level. Srt the clumn T srt permissin levels, click the clumn name f the NAME clumn, and then select t srt the permissin levels in ascending r descending rder. T manage yur permissin levels, yu can perfrm the fllwing actins: Advanced Search Click Advanced Search t cnfigure the search clumn name rules and cnditins fr filtering the permissin levels. Click Add a Rule, select Equals r Cntains frm the Cnditin list, and enter the value. Yu can add multiple rules and cnfigure the cnditin between the rules. Use And r Or t define the rule cnditins and click Validatin Test t test yur settings. Click Search t filter the permissin levels accrding t yur settings. Click Reset t clear yur settings. Add Click Add t create a new permissin level: i. Basic Infrmatin Enter a name fr the new permissin level and an ptinal Descriptin fr future references. ii. Grant Permissin fr Different Mdules Select the mdules r functins yu want t grant permissin t. Fr mdules, such as Dashbard, Manage, Reprt, Cnfigure, and Jb Mnitr, select the crrespnding checkbx t grant that permissin t each functin in the crrespnding mdule. Click Save t save the cnfiguratin. Click Cancel t return t the Permissin Level Interface withut saving changes. Edit T edit a previusly cnfigured permissin level, select the permissin level yu wish t edit by selecting the crrespnding checkbx, then click Edit t navigate t the page t edit this permissin level. i. In the Basic Infrmatin sectin, yu can mdify the permissin level name and a Descriptin f this permissin level. ii. In the Grant Permissin fr Different Mdules sectin, yu can select which mdules r functins yu wish t allw this permissin level t access by selecting the crrespnding checkbxes. 81

82 Click Save t save the cnfiguratin. Click Cancel t return t the Permissin Level Interface withut saving changes. Delete T delete a previusly cnfigured permissin level, select the permissin level yu wish t delete by selecting the crrespnding checkbx, then click Delete n the ribbn. A pp-up windw appears t cnfirm this actin. Click OK t delete the selected permissin level and return t the Permissin Level interface, r click Cancel t return t the Permissin Level interface withut deleting the selected permissin level. Managing Admin Grups Admin Grups allw yu t apply the same permissin levels t all users within the same user grup. This way, yu can change the permissin levels f multiple users by editing yur user grup rather than individually cnfiguring permissin levels fr each user. Yu can als change the permissin levels fr a user by changing which grup they belng t. T access administratin grup cnfiguratins, navigate t the Cnfigure menu, and then click Admin Grups under the Admin Accunts heading. In the Admin Grups cnfiguratin interface, yu will see a list f previusly cnfigured administratin user grups. The Administratrs grup cmes pre-cnfigured and users in this grup have full cntrl ver all mdules. Yu can custmize hw these administratin grups are displayed in the fllwing ways: Manage Clumns Manages which clumns are displayed in the list s that nly the infrmatin yu want t see will be shwn. Click Manage Clumns in the upper-right crner, select the checkbxes next t the clumn names in the drp-dwn list, and click OK t have that the selected clumns shwn in the list. The clumns available fr selecting are: Name The name f the grup. Descriptin The descriptin f the grup. Username The names f the users belnging t this grup. Srt the clumn T srt the administratr grups, click the clumn name f the NAME clumn and then select t srt the administratr grups in ascending r descending rder. Adding Admin Grups T add a new administratin grup fr AvePint Perimeter, click Add n the ribbn and cnfigure the fllwing settings: 1. In the Grup Infrmatin sectin, enter the grup name, permissin and an ptinal descriptin fr the grup t be created. Grup Name Enter a Grup Name in the prvided textbx. 82

83 Permissin Assign the permissin levels t the grup by selecting the previusly created permissin levels frm the Permissin drwn-up list. Descriptin Enter an ptinal Descriptin fr the grup fr future reference. 2. In the Add Users sectin, select users frm the drp-dwn list t add t this grup. This assigns the users the permissin levels cnfigured abve. 3. Click Save n the ribbn t save the cnfiguratins, r click Cancel t return t the grup interface withut saving the cnfiguratins. Editing Admin Grups T edit a grup, select the grup by selecting the crrespnding checkbx, then click Edit n the ribbn, r click the pen menu buttn ( ) next t the name f the desired grup and then click Edit in the ppup menu. Yu will be brught t the page fr editing the grup. Here yu can change the name, descriptin fr this grup, as well as the permissin levels. When yu have finished making changes t the cnfiguratins fr this grup, click Save t save and return t the Admin Grups interface, r click Cancel t return t the Admin Grups interface withut saving any changes. Deleting Admin Grups T delete administratin grups frm AvePint Perimeter, cmplete the fllwing steps: 1. Select the grups by selecting the crrespnding checkbxes, and then click Delete n the ribbn. Alternatively, yu can select a grup, click the pen menu buttn ( name, and then click Delete in the pp-up menu. ) next t the grup 2. A cnfirmatin windw will pp up fr this deletin. Click OK t delete the selected grups, r click Cancel t return t the Admin Grups interface withut deleting any grups. Managing Users in Admin Grups In the Admin Grups interface, all f the users belnging t each grup are listed in the Username clumn. T manage the users an administratin grup, select the grup in the Admin Grups interface and then yu can perfrm the fllwing actins: Adding Users int Grup T add users int this grup, click Edit n the ribbn t enter the page fr editing the selected grup. Within the grup, select the users yu want t add int this grup frm the Add Users t Grup drp-dwn list. Click Save n the ribbn t save the cnfiguratins, r click Cancel t return t the grup interface withut adding any users. Remving Users frm Grup T remve users frm this grup, click Edit n the ribbn t enter the page fr editing the selected grup. Within the grup, find the user yu want t remve frm this grup in the Add Users t Grup field, and then click the remve buttn ( ) next t the username. The username will disappear frm the Add 83

84 Users t Grup field. Click Save t remve the selected user, r click Cancel t return t grup interface withut remving the selected user. Managing Admin Users T view and manage administratin users fr AvePint Perimeter, navigate t the Cnfigure menu, and then click Admin Users under the Admin Accunts heading. In the Admin Users interface, yu will see a list f previusly added users. Yu can custmize hw these users are displayed in the fllwing ways: Manage Clumns Manages which clumns are displayed in the list s that nly the infrmatin yu want t see will be shwn. Click Manage Clumns in the upper-right crner, select the checkbxes next t the clumn names in the drp-dwn list, and click OK t have the selected clumns shwn in the list. The clumns available fr selecting are: Username The name f the user. Descriptin The descriptin f the user. Status The status f the user accunt. Address The address f the user. Type The type f the user. Lcal User is the nly available user type fr AvePint Perimeter s administratin users. Grup Name The names f the administratin grups where the user has been added. Srt the clumn T srt the administratr users, click the clumn name f USERNAME r ADDRESS and then select t srt the user in ascending r descending rder. Filter the clumn Filter which users are displayed based n the values f the USERNAME/STATUS/TYPE clumn. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding users shwn in the list. Adding Admin Users T add an admin user fr AvePint Perimeter, click Add in the Admin Users interface and then cnfigure the fllwing settings: User Infrmatin In the User Infrmatin sectin, cnfigure the settings belw: User Type Chse the type f the user yu are adding. Yu can select t create a Lcal System Accunt r a Windws Authenticatin Accunt. Username Enter a name fr the user yu are adding. If yu are adding a Windws Authenticatin Accunt as the Perimeter administratr, yu can search fr and check the username. Address This field is nly fr a Lcal System Accunt. Enter the address f the user yu are adding. 84

85 Add User t Grups Select the grups frm the drp-dwn list t add the user. Descriptin Enter an ptinal Descriptin fr the user fr future reference. Security Infrmatin Enter the desired passwrd int the Passwrd and Cnfirm passwrd text bxes. Figure 5: The Add page. When yu are finished, click Save t add the user and return t the Admin Users interface, r click Cancel t return t the Admin Users interface withut saving the cnfiguratins fr this new user. Editing Admin Users T edit an admin user fr AvePint Perimeter, select the user by selecting the crrespnding checkbx, then click Edit n the ribbn, r click the pen menu buttn ( ) next t the username and then click Edit in the pp-up menu. Yu will be brught t the page fr editing the user. Here yu can cnfigure the fllwing settings fr a user: User Infrmatin In the User Infrmatin sectin, yu can cnfigure the settings belw: 85

86 Username Enter the name f the user yu are editing. Address Change the address f the user yu are editing. Add User t Grups Change the grups that the user belngs t. Select the desired grups frm the drp-dwn list t add the user. The user will have all f the permissins f the selected grup, r yu can als remve the user frm a grup by clicking the remve buttn next t the grup name. Descriptin Enter an ptinal Descriptin fr the user fr future reference. Security Infrmatin Select the Reset the passwrd checkbx t change the user s passwrd. Enter the new passwrd in the Passwrd field and re-enter the new passwrd in the Cnfirm Passwrd field. When yu are finished, click Save t save the changes made and return t the Admin Users interface, r click Cancel t return t the Admin Users interface withut saving any changes made. Deleting Admin Users T delete previusly cnfigured admin users, select the users by selecting the crrespnding checkbx, then click Delete n the ribbn r click the pen menu buttn ( ) next t the username and then click Delete in the pp-up menu. A cnfirmatin windw will pp up fr this deletin. Click OK t delete the selected users, r click Cancel t return t the Admin Users interface withut deleting the selected users. *Nte: The built-in administratr accunt Admin cannt be deleted. Deactivating and Activating Admin Users Refer t the sectin belw t activate r deactivate an admin user. Activate T activate the Inactive user, select the user by selecting the crrespnding checkbx, then click Active n the ribbn r click the pen menu buttn ( the username and then click Active in the pp-up menu. ) next t Deactivate T deactivate the Active user, select the user by selecting the crrespnding checkbx, then click Deactivate n the ribbn r click the pen menu buttn ( ) next t the username and then click Deactivate in the pp-up menu. This makes the status f the user becme Inactive. The Inactive users are nt allwed t lgin Perimeter. Cnfiguring Secured Share Secured Share in the Cnfigure menu allws yu t cnfigure the required settings fr sharing files, flders, and libraries in SharePint via the AvePint Perimeter Secured Share feature in SharePint r using the Virtual View feature in Perimeter. Prir t sharing files, flders, and libraries, yu must cnfigure the System Credentials fr dwnlading the riginal files (including the files that are shared 86

87 directly and the files within the shared virtual views, flders and libraries) frm SharePint and the Shared File Lcatin t stre the dwnladed cpies f the shared files. Optinally, if yu want t enable users t pen shared files f the.dcx,.pptx, and.xlsx frmats in brwser via Office Web Apps r Office Online at the AvePint Perimeter Internal and External Prtal, edit shared files f these three file frmats via Office Web Apps r Office Online and synchrnize the mdificatins t the riginal SharePint files at the External Prtal, cnfigure the Office Web Apps Server. Cnfiguring System Credentials In System Credentials, yu can cnfigure the Web applicatin level system credentials used t dwnlad cpies f the shared files frm specific Web applicatins. T access System Credentials, navigate t the Cnfigure menu, and then click System Credentials under the Secured Share heading. T cnfigure the system credentials used t dwnlad the shared files frm a specific scpe, cmplete the fllwing steps: 1. In the Scpe pane, expand the tree f yur desired SharePint farm t view all f the included Web applicatins in this farm. 2. T access the page fr cnfiguring the system credentials frm a specific Web applicatin, click the Cnfigure buttn next t the scpe name. 3. In the Cnfigure System Credentials page, select an authenticatin methd frm the Authenticatin Methd list and enter the system credentials yu want t use in the Username and Passwrd text bxes. *Nte: Yu must ensure the accunt designated in the system credentials meets the fllwing cnditins: This accunt is nt a system accunt. This accunt has the Full Cntrl permissin fr all znes in the selected Web applicatin. This accunt has accessed each site cllectin where the AvePint Perimeter Secured Share feature will be used within the selected Web applicatin. 4. Click Validatin Test t see whether the credentials yu entered are valid, and then click Save t save the cnfiguratin. 5. After yu cnfigure the system credentials fr the selected Web applicatin, this Web applicatin s status in the Status clumn becmes Cnfigured. T edit the previusly cnfigured system credentials f a specific Web applicatin, click the Cnfigure buttn fllwing the crrespnding nde T delete the previusly cnfigured system credentials f a specific Web applicatin, click Remve buttn fllwing the crrespnding nde. 87

88 Cnfiguring Shared File Lcatin In Shared File Lcatin, yu can cnfigure the Universal Naming Cnventin (UNC) path fr the lcatin t stre all f the dwnladed cpies f the shared files and the credentials fr accessing the UNC path. These cpies f the shared files can be viewed r edited by users in the AvePint Perimeter External Prtal r via the AvePint Perimeter apps n enrlled mbile devices. T access Shared File Lcatin, navigate t the Cnfigure menu, and then click Shared File Lcatin under the Secured Share heading. T cnfigure the shared file lcatin fr this Perimeter management system, cmplete the fllwing settings: 1. In the UNC Path text bx, enter the UNC path fr the lcatin where yu want t stre the dwnladed cpies f shard files. Nte that the UNC path shuld be entered in the fllwing frmat: \\admin-pc\c$\data r \\admin-pc\ shared flder. 2. In the Username and Passwrd text bxes, enter the credentials f the accunt used t access the UNC path cnfigured abve. Nte that the entered accunt must have Write permissins t the UNC path cnfigured abve. 3. Click Validatin Test t test the entered infrmatin is valid. 4. Chse whether r nt t enable the retentin settings fr deleting the cache f the shared files that have nt been accessed within a specific time perid. Fr details n defining the retentin settings, refer t Defining File Cache Retentin Settings. 5. Click OK t save the shared file lcatin r click Cancel t exit the current page withut saving any cnfiguratin. Defining File Cache Retentin Settings By default, the cache data f the shared files that are nt edited, accessed, r dwnladed within 30 days will be deleted. Cmplete the steps belw t custmize the retentin settings fr deleting file caches: 1. G t the \bin\cnfig flder under the Perimeter Manager installatin path. The default Manager installatin path is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <add key="filecachecleanupdays" value="30" /> nde, and mdify the value f the FileCacheCleanUpDays attribute as yu desired. *Nte: Withut this nde, the retentin days will be 30 days by default. 4. Save and clse the AppSettings.cnfig file. 88

89 Cnfiguring Office Web Apps Server Settings In Office Web Apps Server Settings, yu can cnfigure an Office Web Apps Server (OWA) fr yur AvePint Perimeter Internal Prtal and External Prtal and the WOPI Hst Server used by the OWA t enable end-users t pen shared files f the.dcx,.pptx, and.xlsx frmats in brwsers via the crrespnding Office Web Apps (including Wrd Web App, Excel Web App, and PwerPint Web App) at the Internal and External Prtal, edit shared files in Office Web Apps and synchrnize the mdificatins t the riginal SharePint files at the External Prtal. T access the Office Web Apps Server Settings interface, navigate t the Cnfigure menu, and then click Office Web Apps Server Settings under the Secured Share heading. T cnfigure the Office Web Apps Server (OWA) fr yur AvePint Perimeter Internal Prtal and External Prtal and WOPI Hst Server fr the OWA, cmplete the fllwing settings: 1. OWA Activatin Select the Enable Perimeter Prtal users t pen/edit files with OWA checkbx t enable the Office Web Apps Server settings fr the Internal and External Prtal. 2. OWA Server URL T set the URL f the Office Web Apps Server that will be used t cmmunicate with the WOPI Hst Server, cmplete the fllwing steps: a. Select the prtcl (https r http) that will be used by the Office Web Apps Server t cmmunicate with the WOPI Hst Server frm the drp-drp list befre ://. b. Enter the rest f the desired Office Web Apps Server URL int the text bx after ://. c. Click Lad Zne t lad znes f the designated Office Web Apps Server. The Select WOPI Zne field fr setting a WOPI zne appears belw. 3. Select WOPI Zne Set the WOPI zne f the designated Office Web Apps Server that will be used t cmmunicate with the WOPI Hst Server. 4. WOPI Hst Server URL Enter the URL f yur WOPI Hst Server in the frmat: hstname:prt. Use the WOPI Hst Server Hst and Website Prt that yu cnfigured during the WOPI Hst Server installatin as the hstname and prt part in the WOPI Hst Server URL. 5. Click Save t save the Office Web Apps Server settings. 6. T ensure that the cnfigured Office Web Apps Server and WOPI Hst Server can be prperly used t pen.dcx,.pptx, and.xlsx in the brwser at the AvePint Perimeter External and Internal Prtal, yu must ensure that the fllwing SSL certificates are trusted by related servers/cmputers: The Office Web Apps Server s certificate is trusted by the WOPI Hst Server and enduser brwsers at the AvePint Perimeter Internal Prtal and External Prtal. AvePint recmmends using a valid certificate issued by a cmmercial certificatin authrity fr the Office Web Apps Server s the certificate can be autmatically trusted by end-user brwsers and the WOPI Hst Server. If the Office Web Apps Server des nt have a valid certificate issued by a cmmercial certificatin authrity, yu must manually imprt its certificate int 89

90 the Trusted Rt Certificatin Authrities certificate stre f the WOPI Hst Server and end-users cmputers. The WOPI Hst Server s certificate is trusted by the Office Web Apps Server. T achieve this, manually imprt the WOPI Hst Server s certificate int the Trusted Rt Certificatin Authrities certificate stre f the Office Web Apps Server. Cnfiguring Secure Share Cntrl Plicy In Secure Share Cntrl Plicy, yu can cntrl the Perimeter license cnsumptin fr wh can use the Perimeter secure share feature, define the users r grups wh can secure share items and the permissin levels they can grant, restrict the dmains where the recipients f external secure share can belng, and cntrl the files r flders that can be secure shared by defining the dcument attribute based rules. T access Secure Share Cntrl Plicy, navigate t the Cnfigure menu, and then click Secure Share Cntrl Plicy under the Secured Share heading. License Cnsumptin Restrictin T cntrl the license cnsumptin fr wh can use the Perimeter secure share feature, cmplete the settings belw: 1. Navigate t Cnfigure > Secure Share Cntrl Plicy > License Cnsumptin Restrictins. 2. In the License Cnsumptin Restrictins sectin, chse t allw all users t use Perimeter secure share r nly the users imprted frm Active Directry. If yu chse the Only users imprted frm Active Directry ptin, cntinue with the fllwing steps. If yu chse the All users ptin, prceed t step In the Dmain Infrmatin sectin, cmplete the fllwing settings: Dmain Cntrller Address Enter the dmain cntrller address where yu want t imprt the Active Directry users. Username and Passwrd Enter the username and passwrd f the Active Directry accunt yu want t use t synchrnize the AD users. Make sure that the accunt has at least read permissin in yur rganizatin directry. Dmain Scpe Select the Imprt users frm all dmains in the same frest and the trusted dmains ptin r select the Cnfigure the search rts list myself ptin t cnfigure which users will be synchrnized by LDAP Distinguished Names (DN). 4. In the Schedule Settings sectin, chse t run the synchrnizatin immediately, r cnfigure a schedule t synchrnize the active directry users. If yu chse t cnfigure a schedule, cmplete the fllwing settings: Schedule Type Chse t run the synchrnizatin jb By hur, By day, By week, r By mnth. 90

91 Interval Enter a number int the text bx f Every _ hurs/days/weeks/mnths t define the frequency fr running the scheduled synchrnizatin jbs. Start Time Select the start time frm the drp-dwn list t run the synchrnizatin jb. If yu select By mnth as the Schedule Type, cnfigure the Specify the start time by date settings r the Specify the start time by day f the week settings. Fr mre infrmatin, see the Cnfiguring Advanced Start Time Settings sectin. 5. Click Save t save the license cnsumptin settings. Click Cancel t exit this interface withut saving the cnfiguratins. User and Grup Restrictin Yu can add rules t User and Grup Restrictin t cntrl the internal users and grups wh can use Secure Share t share SharePint items. If yu add rules in the User and Grup Restrictin tab, nly the internal users and grups wh meet the rule cnditins can secure share SharePint items and grant thers with the prescribed permissin levels. If there are n rules cnfigured in the User and Grup Restrictin tab fr restricting wh can secure share SharePint items, all f the internal users and grups can share items. When perfrming Secure Share, they can either grant any f the permissin levels t the shared with users r grant limited permissin levels accrding t their wn permissins in the SharePint site. Fr details n granting SharePint permissins t define the permissin levels that a user can grant, refer t Allwing SharePint Permissins t Decide the Available Permissin Levels. Cmplete the steps belw t cnfigure rules fr User and Grup Restrictin: 1. Navigate t Cnfigure > Secure Share Cntrl Plicy > User and Grup Restrictin. 2. Click Add a Rule under the table t add a rule recrd. 3. Select a rule categry frm the drp-dwn list under the Rule clumn, select the rule cnditin fr this rule categry, and then enter the value in rder t lcate certain users r grups. Fr detailed explanatins n rule categries and cnditins, refer t Examples f User and Grup Restrictin Rules. 4. In the Share Type clumn, select the maximum permissin level that the users r grups can grant in the secure share. 5. Repeat the steps frm step 2 t step 4 t add additinal rules. 6. Click Save t save yur cnfiguratins fr user and grup restrictins, r click Cancel t exit the Secure Share Cntrl Plicy page. Examples f User and Grup Restrictin Rules Refer t the table belw fr examples f cnfiguring user and grup restrictins rules: 91

92 Rule Categry Rule Cnditin Value Share Type Descriptin Active Directry User/Grup Equals IT_Team_All Delete The active directry grup IT_Team_All can grant the Edit, Dwnlad, Read, r Delete permissin in secure share. SharePint Grup Equals Site_Visitr Read The SharePint grup Site_Visitr can nly grant the Read permissin in secure share. Cntains Owner Edit The SharePint grup that has a grup name cntaining wner can grant the Edit, Dwnlad, r Read permissin in secure share. Begins With Site Dwnlad The SharePint grup that has a grup name which begins with site can grant the Dwnlad r Read permissin in secure share. All Users N/A N/A Dwnlad All f the users in secure share can grant Dwnlad r Read permissin. Dmain Restrictins Yu can cnfigure the Secure Share dmain restrictins t define the allwed dmains r blcked dmains fr the users that the files, flders, r libraries can be shared with. The users in the blcked dmain list cannt have SharePint files, flders, r libraries shared with them, and they cannt register t the Perimeter External Prtal. T restrict the dmains where the recipients f external secure shares can belng, cmplete the settings belw: 1. In the Type field, select White List r Black List t define the allwed dmains r the blcked dmains. If yu cnfigure a white list, nly the users frm the dmains in this list can have SharePint items shared with them via the Perimeter Secure Share feature. If yu cnfigure a 92

93 black list, the users frm the dmains in this list cannt have SharePint items secure shared with them via the Perimeter Secure Share feature. 2. Enter a dmain int the Allwed Dmain text bx r Blcked Dmain text bx in the frmat f example.cm, and then click Add. 3. That dmain will be added t the Allwed Dmain lists r Blcked Dmain list. T remve a dmain frm the list, select that dmain, and then click Remve. 4. Click Save t save the dmain restrictin settings, r click Cancel t exit the Secure Share Cntrl Plicy page. Dcument Attribute Based Restrictin Yu can cntrl SharePint files r flders that can be shared via the Secure Share feature accrding t dcument attribute based rules. T add and cnfigure a dcument attribute based rule, cmplete the steps belw: 1. In the Default Dcument Plicy sectin, select the default actin frm the drp-dwn list. If the default actin is Allw, the actin f the rules cnfigured in the Dcument Plicy Exceptin table will be Blck. If the default actin is Blck, the actin fr the exceptin rules will be Allw. 2. Click Add a Rule under the Dcument Plicy Exceptin table t add an exceptin rule recrd. 3. Enter a file r flder attribute name int the text bx under the Attribute clumn, select Equals r Des Nt Equal as the cnditin type, and then enter the value. 4. Yu can click Add a Rule t add multiple exceptin rules int the table ne by ne. 5. Click Save t save yur cnfiguratins, r click Cancel t exit the Secure Share Cntrl Plicy page. Enabling SharePint Permissins t Grant the Available Permissin Levels By default, when sharing files, flders, r a library via Secure Share feature in SharePint, internal users can grant any f the permissin levels t the shared with users even thugh internal users d nt have permissins equivalent t the granted permissin level. T avid this security risk, yu can use SharePint permissins t cntrl the permissin levels that are allwed t be granted by users using Secure Share. Refer t the instructins belw t enable this permissin cntrl: 1. G t the \bin\cnfig flder under the Perimeter Manager installatin path. The default Manager installatin path is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <appsettings> nde, set the value f the SharePermissinBaseOnSP attribute t true. 4. Save and clse the AppSettings.cnfig file. 93

94 The fllwing are the permissin cntrl cnditins: If internal users have the Delete Items permissin t the files, flders, r library, they can grant ther users any f the prvided permissin levels. If internal users have the Edit Items permissin t the files, flders, r library, they can grant ther users with any f the prvided permissin levels except f Delete. If internal users have the View Items and Open Items permissin t the files, flders, r library, they can grant the thers the Read Only r Dwnlad permissin level. If internal users nly have the View Items permissin t the files and the files that can be pened by Office Web App, they can nly grant the thers the Read Only permissin level. If internal users nly have the View Items permissin t the files and the files that cannt be pened by Office Web App, they can grant the thers the Read Only r Dwnlad permissin level. If internal users nly have View Items permissin t the flders r library, they can nly grant ther users with the Read Only permissin level. Cnfiguring Watermark Settings In Watermark Settings, yu can cnfigure watermark settings at Web applicatin level t prtect the shared files with watermark. The shared files in the Web applicatin that have watermark settings cnfigured will be viewed r dwnladed with the watermark applied. T access Watermark Settings, navigate t the Cnfigure menu, and then click Watermark Settings under the Secured Share heading. T cnfigure the Watermark Settings fr the Perimeter management system, cmplete the fllwing settings: 1. Click the farm name displayed in the SCOPE clumn t expand the farm tree. All f the Web applicatins in the current farm are displayed. 2. Select the checkbxes ahead f the Web applicatins that yu want t cnfigure watermark settings fr, and then click Cnfigure abve the clumn header, r click Cnfigure under the ACTION clumn t cnfigure watermark settings fr each Web applicatin separately. 3. In the Cnfigure interface, select the Enable watermark ptin under the Watermark sectin, and then cmplete the fllwing settings t cnfigure the watermark settings: Text Select the Current User Accunt ptin frm the drp-dwn list t display the username f the accunt that is accessing the shared file as the watermark text, r select Custmized t enter the desired text r select a value frm the drp-dwn list as the watermark text. Cnfigure the fnt, size, clr, and layut fr the watermark text. Repeat Chse whether r nt t repeat the text n the same page. 94

95 4. Click Save t save the watermark settings and exit the interface. Click Cancel t exit the interface withut saving the changes. Cnfiguring Cntent Access Cntrl fr Secure Share Yu can enable the Cntent Access Cntrl fr Secure Share and cnfigure the lcatin r IP address rules t allw r deny the access f shared cntent thrugh Perimeter Prtals r mbile devices by the internal/external users that are frm the designated lcatin r lcatin grup r whse IP addresses lie in the designated range. T access Cntent Access Cntrl, navigate t the Cnfigure menu, and then click Cntent Access Cntrl under the Secured Share heading. Cmplete the steps belw t enable and cnfigure the Cntent Access Cntrl fr Secure Share: 1. In the Cntent Access Cntrl fr Secure Share field, select the Enable cntent access cntrl fr secure share ptin. The Rule Settings fr Cntent Access Cntrl field will be available. 2. Click Add a Rule t add a rule recrd int the table. 3. Cntrl Type Select Lcatin r IP Address frm the drp-dwn list. *Nte: T use the Lcatin cntrl type, yu are recmmended t use an IP Lcatin Database t lcate the users via IP address, in additin t the lcatins that Perimeter are allwed t btain. Fr details, refer t Cnfiguring IP Lcatin Database. Lcatin Use the user-defined lcatin r lcatin grups r the gegraphic lcatins t lcate the users. With User-defined selected, yu can select a user-defined lcatin r lcatin grup t cntrl the access f users frm there, r yu can select Any, Undefined, r Unavailable t refer t the users frm any lcatin r undefined lcatin, r whse lcatin is unavailable. With the lcatin rules cnfigured, the internal r external users must prvide lcatin infrmatin befre they access the shared files in AvePint Perimeter External Prtal. By default, they can scan the QR cde using Perimeter mbile app, r use the brwser t prvide lcatin. If yur rganizatin asks users t prvide their lcatin thrugh the Perimeter mbile app withut the brwser as an alternative, refer t Prviding Lcatin Infrmatin via Mbile App Only fr detailed cnfiguratins. If yur rganizatin wants t apply 2-factr authenticatin requiring the QR cde and access passwrd fr accessing shared files, refer t Applying 2-Factr Authenticatin fr Accessing Shared Files t enable the 2-factr authenticatin. IP Address Use the IP address t lcate the users. Yu can select Any IP Address, Specified IP Address, r IP Address Range t lcate all f the users with IP addresses, r lcate the users with specific IP address, r whse IP address lies in the designated range. 95

96 4. User Type Select Internal User r External User frm the drp-dwn list t designate which type f users yu want t cntrl cntent access fr. 5. Actin Select Allw r Deny frm the drp-dwn list t allw r deny the users access t the shared cntent. 6. Descriptin Add an ptinal descriptin fr this rule. 7. Repeat the steps frm step 2 t step 6 t add multiple rules, and yu can change the pririty f the rules by selecting the number frm the Pririty list. If there are cnflicting rules, the rules with higher pririty will take effect. 8. Click Save t save the Cntent Access Cntrl settings, r click Cancel t exit the interface withut saving any changes. Prviding Lcatin Infrmatin via Mbile App Only If yur rganizatin asks all f the users t prvide their lcatin thrugh the mbile app, cmplete the steps belw: 1. G t the \bin\cnfig flder under the Perimeter External Prtal and Gateway installatin path. The default installatin path is \AvePint\Perimeter\GatewayPrtal. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <appsettings> nde, set the value f the IsOnlyAppLcatin attribute t true. 4. Save and clse the AppSettings.cnfig file. Applying 2-Factr Authenticatin fr Accessing Shared Files If yur rganizatin wants t apply 2-factr authenticatin fr accessing the secure shared files in Perimeter External Prtal, cmplete the steps belw: 1. G t the \bin\cnfig flder under the Perimeter External Prtal and Gateway installatin path. The default installatin path is \AvePint\Perimeter\GatewayPrtal. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <appsettings> nde, set the value f the IsTwFactrEnableFrPrtal attribute t true. 4. Save and clse the AppSettings.cnfig file. 96

97 Cnfiguring Secure Share Optins and Custmizatins In the Secure Share Optins and Custmizatins page, yu can cnfigure the fllwing settings fr the Secure Share. Figure 6: The Secure Share Optins and Custmizatins page. Expiratin Settings Chse whether r nt t require the Expiratin Time field t be prvided when perfrming a Secure Share n the Secure Share windw in SharePint. Yu can cnfigure a time duratin in the Default Expiratin Time field, s that the expiratin time will be autmatically ppulated fr each sharing event with a default expiratin time. Additinally, yu can als set up a Maximum Expiratin Time t ensure that the expiratin times that internal users can select d nt exceed the limit. *Nte: If yu d nt want t set up a default expiratin time, enter 0 int the text bx. The Expiratin Time field in the Secure Share windw will display blank, which represents that the secure share will nt expire. Metadata Setting Select whether r nt t display the metadata infrmatin f the shared items n the Perimeter Prtals and mbile apps. When using the Secure Share feature, the internal users can select a list view t share the SharePint prperties f the shared items. If the Display metadata infrmatin n the Perimeter Prtals ptin is deselected, the SharePint prperties will nt be displayed. 97

98 Permissin Level Settings Select whether r nt t allw the internal users t grant the Delete permissin when perfrming a Secure Share n the Secure Share windw in SharePint. Sending Secured Share Ntificatin as the Shared by User By default, the AvePint Perimeter Secured Share Ntificatin sent t the internal r external users with whm the files, flders, r library is shared displays the AvePintPerimeter.Ntificatins (perimeter.ntificatin@avepint.cm) in the Frm field. Yu can cnfigure the AppSettings.cnfig file t display the user wh shared the files, flders, r library with the thers as where the is frm. Cmplete the steps belw: 1. G t the \bin\cnfig flder under the Perimeter Manager installatin path. The default Manager installatin path is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <appsettings> nde, set the value f the Is senderisshareby attribute t true. 4. Save and clse the AppSettings.cnfig file. Enabling Update Ntificatin By default, users that have files shared with them will nt be ntified when the shared files are updated. With the update ntificatin enabled, the shared with users will receive an ntificatin if the shared by users r site cllectin administratrs chse t ntify them when shared files are updated. Additinally, yu can cnfigure a time range within which AvePint Perimeter will nly send ut ne update ntificatin, regardless f hw many times the files have been updated. T enable the update ntificatin and cnfigure a time range, cmplete the steps belw: 1. G t the \AvePint\Perimeter\Manager\bin\cnfig flder n the Perimeter Manager server. 2. Open the AppSettings.cnfig file using Ntepad. 3. Lcate the <appsettings> nde, set the value f the dynamicupdate ntificatin attribute t true. 4. Find r add the FileUpdateHlderSendTime attribute, and set the value. The time unit f this attribute value is Minute. If this attribute is nt cnfigured, the time range will be 60 minutes by default. Accrding t the default time range, after an update ntificatin is sent ut fr a file that is being updated, users will nt be ntified f any updates f the same file made by the same user within the next 60 minutes. 5. Save the changes and clse the file. 98

99 Custmizing the Threshld fr Sending Reminder Ntificatins fr Lcked Shared Files n the External Prtal By default, if a shared file has been lcked fr editing fr mre than 5 days n the AvePint Perimeter External Prtal, the Perimeter system will autmatically send a reminder ntificatin whse subject is Actin Needed: Files Lcked fr Editing t the user wh lcked the file t remind the user t edit this file, with the user wh shared this file CC ed. T custmize the threshld fr sending this reminder ntificatin in days, cmplete the fllwing steps: *Nte: Fr mre infrmatin n custmizing the template fr the Actin Needed: Files Lcked fr Editing ntificatin, refer t Custmizing Templates. 1. G t the \bin\cnfig flder under the Perimeter Manager installatin path. The default Manager installatin path is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Within the <appsettings> nde, set the value f the filelckntificatinintervaldayscunt attribute t an integer between 1 and 32 as the new threshld fr sending the Actin Needed: Files Lcked fr Editing ntificatins fr lcked shared files. *Nte: The default value is Save the changes and clse the file. 5. Restart the AvePint Perimeter Timer Service n the Perimeter Manager server manually t make this change take effect. Allwing Users that are nt Shared With t Sign Up t the External Prtal By default, if an external user des nt have any items shared with them, the external user cannt sign up t the External Prtal. If yur rganizatin wants t allw these external users t sign up t the External Prtal and let them submit access requests thrugh the secure share links f the shared items, yu must edit a cnfiguratin file t enable this functin. Cmplete the steps belw t enable this functin: 1. G t the bin\cnfig flder under the Perimeter External Prtal and Gateway installatin path. The default External Prtal and Gateway installatin path is \AvePint\Perimeter\Gateway\bin\Cnfig. 2. Find the AppSettings.cnfig file and pen it with Ntepad. 3. Set the value f the allwregisterwithutdcuments attribute t true. 4. Save yur changes and clse this file. 99

100 Defining the Default Expiratin Duratin fr Secure Share via CONFIG File With a default expiratin duratin defined, the expiratin time will be autmatically ppulated in the Secure Share windw when internal users use the Secure Share feature t share files, flders, r libraries in SharePint. Internal users can still custmize the expiratin time in the Secure Share windw. *Nte: If the Secure Share Optins and Custmizatins has been cnfigured, this setting in the AppSettings.cnfig file will nt wrk. T define a default expiratin duratin fr Secure Share via CONFIG file, cmplete the steps belw: 1. G t the \bin\cnfig flder under the External Prtal and Gateway installatin path and the Manager installatin path. The default installatin path f External Prtal and Gateway is \AvePint\Perimeter\GatewayPrtal; the default installatin path f Manager is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Find the DefaultExpiratinDays attribute and set a value fr this attribute. The time unit is Days and the valid value must be an integer greater than Save the changes and clse the file. Disabling Internal Users t Share Annymus Access r Passcde-Verified Access By default, AvePint Perimeter Secure Share feature prvides all f the fllwing secure share types: Require registratin and verify the shared permissin Accessible t anyne thrugh links Verify viewers via passcde If yu d nt want t allw annymus access (Accessible t anyne thrugh links) r passcde-verified access (Verify viewers via passcde) t be shared by internal users via Secure Share in SharePint, yu can cnfigure the settings in the AppSettings.cnfig file. Refer t the instructins belw: 1. G t the \AvePint\Perimeter\Manager\bin\cnfig directry n the server where the AvePint Perimeter Manager is installed. 2. Open the AppSettings.cnfig file with Ntepad. Cmplete the steps belw: If yu want t disable internal users t share the annymus access, find the AllwAnnymusShare attribute and set the value t false. If yu want t disable internal users t share the passcde-verified access, find the AllwAccessCdeShare attribute and set the value t false. 3. Save the changes and clse this file. 100

101 Defining the Minimum Interval fr Sending a One-Time Access Passcde If the secure share requests a passcde verificatin, the external users wh access the shared link must prvide their address t receive a passcde and then prvide the passcde t Perimeter External Prtal within 30 minutes fr verificatin. By default, the minimum interval fr sending anther passcde is 60 secnds, which means the external users must wait at least 60 secnds t send ut anther passcde. Figure 7: The minimum interval fr sending anther passcde. If yu want t change the minimum interval, cmplete the steps belw: 1. G t the \bin\cnfig flder under the External Prtal and Gateway installatin path. The default installatin path is \AvePint\Perimeter\GatewayPrtal. 2. Open the AppSettings.cnfig file using Ntepad. 3. Add the <add key="accesscderesenttime" value="60" /> nde int the <appsettings></appsettings> nde. 4. Yu can change the number fr the value attribute. The unit f time is Secnd. 5. Save yur cnfiguratins and clse this file. Deleting Shared Items Permanently By default, the items deleted by users wh are granted Delete permissin via Secure Share f AvePint Perimeter 1 SP9 CU1 r later will be mved t the recycle bin. If yu want t permanently delete the shared items when the users delete them, yu can cnfigure the settings in AppSettings.cnfig file. Cmplete the steps belw: 1. G t the \bin\cnfig flder under the External Prtal and Gateway installatin path. The default installatin path is \AvePint\Perimeter\GatewayPrtal. 101

102 2. Open the AppSettings.cnfig file using Ntepad. 3. Find the IsCmpleteDeletin attribute and set the value t true. 4. Save yur changes and clse this file. Cnfiguring Applicatin Settings Applicatin Settings in the Cnfigure menu allws yu t custmize cnfiguratins fr default device enrllment settings and ntificatin settings fr AvePint Perimeter. Additinally, yu can cnfigure the appsettings.cnfig file t cnfigure the accunt lckut plicy fr the lgin behavir f the Perimeter Management Cnsle and Prtals. By default, the user accunt will be lcked ut fr 5 minutes after five failed lgin attempts within 5 minutes. Fr details refer t Cnfiguring Accunt Lckut Plicy. Cnfiguring General Settings In General Settings, cnfigure the general settings fr device enrllment and prtal cnnectins, including the default device enrllment settings, URLs f the AvePint Perimeter External Prtal and AvePint Perimeter Internal Prtal, and rganizatin cntact infrmatin. T access General Settings, navigate t the Cnfigure menu, and then click General Settings under the Applicatin Settings heading. Fllw the steps belw t cnfigure the general settings. 1. Device Services URL Enter the URL f the Gateway f this AvePint Perimeter management system. This URL will be included in the enrllment request s t the device wners. The device wners will pen this URL t dwnlad and install the AvePint Perimeter mbile apps. Yu can check whether the enter URL is available by clicking the Test buttn. 2. Default Authenticatin Mde Chse the default authenticatin methd fr this Perimeter Manager server. This is the methd that will be used during the mbile device enrllment prcess. Directry Credentials fr Organizatin Users must prvide their rganizatin usernames and passwrds f their rganizatin directry accunts during the mbile device enrllment prcess. One-Time Enrllment Cde Users must prvide their rganizatin usernames and the One-Time Enrllment Cdes prvided in the enrllment requests during the mbile device enrllment prcess. Bth (2- Factr Authenticatin with Directry Credentials & a One-Time Enrllment Cde) Users must prvide bth their rganizatin credentials (usernames and passwrds) and the One-Time Enrllment Cdes prvided in the enrllment requests during the mbile device enrllment prcess. 102

103 3. Uplad Device Usage Plicy Uplad a predefined device usage plicy HTML file custmized by yur cmpany. This will help t ensure the security, safety and privacy f yur emplyees usage f the enrlled devices. 4. Authenticatin Type Select the default authenticatin types fr signing int the Perimeter Management Cnsle, Internal Prtal, and External Prtal. With Windws Authenticatin type selected, internal users can directly sign int the Internal Prtal r External Prtal using their Windws accunts. If yu select the Windws Authenticatin as the External Prtal Default Authenticatin Type, the external users must manually change the authenticatin type t Frm Based Authenticatin and prvide the username and passwrd when signing int the External Prtal. If yu want t allw the users frm yur trusted business partners t use their wn rganizatin credentials t lg int Perimeter, yu can select the ADFS Authenticatin type. T cnfigure the ADFS Authenticatin, refer t Cnfiguring ADFS Authenticatin. 5. Internal Prtal URL Enter the base URL f the AvePint Perimeter Internal Prtal f this AvePint Perimeter management system. Yu can check whether the enter URL is available by clicking the Test buttn. 6. External Prtal URL Enter the base URL f the AvePint Perimeter External Prtal f this AvePint Perimeter management system. Yu can check whether the enter URL is available by clicking the Test buttn. 7. Default Dmain T enable the internal users t mit dmain name while entering Active Directry usernames in the lgin pages f the AvePint Perimeter Internal Prtal and External Prtal, enter a default dmain name int this field. With the default dmain name cnfigured, internal users can enter username instead f dmainname/username t lg int the prtals. 8. Cntact Infrmatin Enter the system administratr s Address and Phne Number. This infrmatin will be listed in every enrllment request . If the device wners have any questins abut enrlling the devices, they can cntact the system administratr fr help. 9. Click Save t save yur cnfiguratins, r click Cancel t cancel the cnfiguratins and exit the General Settings interface. Disabling the Enrll New Device Feature n the AvePint Perimeter External Prtal By default, users (including internal and external users) f the AvePint Perimeter External Prtal can submit an enrllment request by clicking the Enrll New Device link n the External Prtal. (Fr detailed infrmatin n the Enrll New Device feature, refer t the AvePint Perimeter Pr Secured Share User Guide). Then, the Perimeter Manager will send an enrllment request t this user. The user can enrll a mbile device int the Perimeter management system using the received enrllment request e- mail withut requesting the enrllment request frm a Perimeter administratr. The authenticatin mde used by the enrllment request will be either f the fllwing: If sent t an internal user, the authenticatin mde is Bth (2- Factr Authenticatin with Directry Credentials & a One-Time Enrllment Cde). 103

104 If sent t an external user, the authenticatin mde is One-Time Enrllment Cde. If yu want all f the external users and/r internal users t nly be able t enrll their mbile devices via the enrllment requests sent by the Perimeter administratrs, cmplete the fllwing settings t disable the Enrll New Device feature at the AvePint Perimeter External Prtal: 5. G t the \bin\cnfig flder under the External Prtal and Gateway installatin path. The default installatin path is \AvePint\Perimeter\GatewayPrtal. 6. Open the AppSettings.cnfig file using Ntepad. 7. Cnfigure the values f the fllwing attributes: internaluserselfenrllenabled T disable the Enrll New Device feature fr internal users n the External Prtal, set the value f this attribute t false. externaluserselfenrllenabled T disable the Enrll New Device feature fr external users n the External Prtal, set the value f this attribute t false. *Nte: The default values f the internaluserselfenrllenabled and externaluserselfenrllenabled attributes are bth true, which means that the Enrll New Device feature is enabled fr bth the internal and external users n the External Prtal. 8. Save the changes and clse the file. Cnfiguring Ntificatin Settings Cnfigure settings, including SMTP server infrmatin and ntificatin parameters, fr sending ntificatins via . Cnfiguring Outging Settings The utging server must be cnfigured befre AvePint Perimeter can send ut ntificatins. T cnfigure the Outging server, cmplete the fllwing steps: 1. Outging server (SMTP) Enter the address f the utging server. 2. SSL authenticatin Cnfigure this ptin accrding t yur settings n the SMTP server. 3. (SMTP) Prt Enter the SMTP prt. The default SMTP prt is 25. Fr SSL authenticatin, the default prt is SMTP Server Username Enter the sender s username n the SMTP server 5. Allw Annymus Select whether r nt the SMTP server yu want t use is allwed t be accessed annymusly. If annymus access is allwed, the SMTP Server Passwrd is nt required. 6. Sender Address Enter the address fr all Perimeter s t be sent frm. 7. SMTP Server Passwrd Enter the sender s passwrd t lg nt the SMTP server. 8. Click Save t save yur cnfiguratins, r click Cancel t cancel the cnfiguratins. 104

105 9. After the utging settings are successfully cnfigured, Perimeter will autmatically send a cnfirmatin t the cnfigured Sender Address. Cnfiguring Ntificatin Settings In the Ntificatin Settings interface, perfrm the fllwing steps t cnfigure ntificatin settings: 1. Select the Ntificatin Cnditins when the ntificatins will be sent. If yu select Vilatin, Perimeter will send ntificatins t infrm recipients that SharePint blcked access accrding t the Cntent Access Cntrl rules. If yu select Warning, Perimeter will send ntificatins t infrm recipients f access attempts that resulted in a warning accrding t the Cntent Access Cntrl rules. With at least ne f the ntificatin cnditins selected, yu need cnfigure the settings in steps Recipients Enter the addresses f the ntificatin recipients. 3. When t Send Ntificatins In the When t Send Ntificatins area, chse ne f the fllwing ptins: Send ntificatins immediately With this ptin selected, the ntificatins will be sent immediately when access t SharePint is blcked r users are warned accrding the Cntent Access Cntrl rules. Cnfigure a schedule With this ptin selected, yu can cnfigure the schedule fr sending the ntificatins as fllws: Schedule Type Select the interval at which the Send access warnings reprt e- mail & Send access vilatins reprt timer jb ccurs: By hur, By day, By week, r By mnth. Interval Set up the frequency fr the schedule by entering an integer in the text bx. Start Time Specify the time f the day that Perimeter will check fr blcked/warned access attempts. If yu select By mnth, cnfigure the Specify the start time by day f the week and Specify the start time by date fields. Fr mre infrmatin, see the Cnfiguring Advanced Start Time Settings sectin belw. 4. Click Save t save yur cnfiguratins, r click Cancel t cancel the cnfiguratins. Cnfiguring Advanced Start Time Settings If yu select By mnth when cnfiguring a schedule, the fllwing advanced start time settings are available: 105

106 Specify a start time by date If yu select Specify a start time by date, cnfigure the start time as belw: : n the Specify the time f ne specific date f the mnth. Fr example, if yu select 1AM:00 n the 2nd, Perimeter will start the jb at 1 clck AM n the 2 nd day f the mnth. Specify the start time by day f the week If yu select Specify the start time by day f the week, cnfigure the start time as belw: : n the Specify the time f ne specific day f a specific week. Fr example, if yu select 1AM:00 n the first Friday, Perimeter will start the jb at 1 clck AM n the first Friday f the mnth. Cnfiguring ADFS Authenticatin If yu want t allw the users beynd yur rganizatinal bundaries t use their wn rganizatinal credentials t access Perimeter, yu can enable and cnfigure the ADFS Authenticatin in the Perimeter Management Cnsle. T enable and cnfigure the ADFS Authenticatin settings, cmplete the fllwing: 1. Navigate t Cnfigure > Applicatin Settings > ADFS Authenticatin. 2. In the ADFS Infrmatin sectin, select the Enable ADFS Authenticatin ptin in the ADFS Authenticatin field t enable the ADFS Authenticatin. 3. Prvide the fllwing infrmatin in the ADFS Infrmatin sectin. Relying Party Identifier Enter the identifier f the Replying Party Trust. Federatin Metadata Trust Enter the URL path f the Federatin Metadata Trust. 4. In the Tken-decrypting Certificate sectin, click Select Certificate t brwse the tkendecrypting certificate. 5. If yu want t add ADFS users t the Perimeter Management Cnsle, add the claims and yu can als set up the claim pririty. Cmplete the steps belw: a. click the Add a Rule link in the Claim Cnfiguratin sectin. A rule recrd will be added t the table. b. In the Aut field, the ManualInput ptin and the Select ptin are prvided in the list. If yu want t display all f the available claim types in the Claim Type list and select ne frm the list, select the Select ptin; If yu want t manually enter the claim type in the Claim Type bx, select ManualInput. c. If yu selected a claim type frm the list, the claim name will be autmatically ppulated int the Claim Type bx; if yu entered a claim type, enter the claim name int the Claim Type bx. 106

107 d. T add anther rule, repeat steps a t c. 6. Click Save t save the ADFS Authenticatin settings and exit this page; Click Cancel t exit this page withut saving any changes. Cnfiguring Accunt Lckut Plicy T custmize the accunt lckut plicy in the cnfiguratin file, cmplete the steps belw: 1. G t the \bin\cnfig flder under the External Prtal and Gateway installatin path and the Manager installatin path. The default installatin path f External Prtal and Gateway is \AvePint\Perimeter\GatewayPrtal; the default installatin path f Manager is \AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Find r add the fllwing ndes under the <appsettings></appsettings> nde. <add key= MaxLginLckTrial value= 5 /> Edit the number fr the value attribute. After the cnfigured number f failed lgin attempts, the user will be lcked ut. <add key= LginLckDuratin value= 5 /> Edit the number fr the value attribute t specify the time duratin f the accunt being lcked. The unit f time is Minute. <add key= LginAttempTimeRange value= 5 /> Edit the number fr the value attribute. The accunt will be lcked if the failed lgin attempts within the specified time range reached the value cnfigured fr the MaxLginLckTrial attribute. The unit f time is Minute. 4. Save yur cnfiguratins and clse the file. Lg Manager Use the Lg Manager t manage and cllect lgs that are generated by Perimeter Manager and Agents. In the Lg Manager, yu can cnfigure the lg level and settings fr the lg files fr each Manager service and Agent. T access Lg Manager fr Perimeter, navigate t the Cnfigure menu, click Lg Manager. Cnfiguring Lg Settings T cnfigure the lg settings in the Lg Manager interface, cmplete the fllwing steps: 1. Click Lg Settings n the ribbn. Yu can cnfigure the lg settings fr the Manager r Agent services by clicking the Manager Service r Agent tab. 2. In either tab, yu will see the name f the service. T cnfigure settings fr lgs, select the desired services and cnfigure the fllwing ptins: 107

108 Service Hst The server where the service resides. Lg Level Lgs culd be cnfigured t generate n each f the fllwing levels. Infrmatin Lgs f this level recrd the basic infrmatin f Perimeter, such as the jbs that yu have run, the peratins yu have perfrmed and imprtant prcesses f jbs. Infrmatin level lgs als cntain all f the lgs frm Warning and Errr levels. Debug (default) Lgs f this level recrd the detailed infrmatin related t the internal peratins such as the cmmunicatin between Perimeter Manager and Perimeter Agent, the peratins in the database, the utput message f the data. Lgs f this level are used fr finding ut all the details f the jbs, and it is recmmended that the level is set t Debug befre trubleshting. Debug level lgs als cntain all f the lgs frm Infrmatin, Warning and Errr levels. Errr Lgs f this level recrd the errr messages fr jbs. Nt all the errrs culd lead t the failure f the jbs, sme f the errrs have already been dealt with and the lgs will recrd the detailed infrmatin. Warning Lgs f this level recrd exceptins fr jbs. Warning level lgs als cntain all f the lgs frm Errr level. *Nte: After changing the lg levels, the changes will nt affect the previus lgs but will affect the newly generated lgs. Size f Each Lg File The default size fr a lg is 5 MB. Yu can adjust the size accrding t yur requirements by entering a different number int the text bx. Ttal Lg File Limit The maximum number f all the lg files in the Lgs flder under the installatin flder f each Manager Service. Fr each Agent server, the Ttal Lg File Cunt is the maximum number f all the lg files which can be generated by each.exe file. The Agent lgs are stred in the Lgs flder under the installatin flder f each Agent. When the number f lg files exceeds the threshld, the ldest lg files will be deleted. 3. When yu are finished cnfiguring Lg Settings, click Save t save all changes and return t the Lg Manager interface. T cnfigure the lg settings fr multiple services in bulk, cmplete the fllwing steps: 1. Select all f the desired services and click Batch Lg Settings n the ribbn. 2. On the Batch Lg Settings pp-up windw, cnfigure the Lg Level, Size f Each Lg File, and Ttal Lg File Limit. 3. When yu are finished cnfiguring Lg Settings, click Save t save all changes and return t the Lg Manager interface. 108

109 Cllecting Lgs In rder t cllect lgs in Lg Manager, select yur desired services r Agents by clicking the crrespnding checkbxes and clicking Cllect n the ribbn t initiate the jb fr cllecting lgs fr the selected services r Agents. T view the jb details, navigate t Jb Mnitr. Cnfiguring Mnitring Settings In the Mnitr interface, yu can view and manage the Timer Jb Definitin f the built-in timer jbs and view the Timer Jb Status. Mnitring Timer Jb Definitin T access Timer Jb Definitin, navigate t the Cnfigure menu and then click Timer Jb Definitin under the Mnitr heading. In Timer Jb Definitin, yu can view and manage built-in batch timer jbs. These batch timer jbs are used t mnitr the agents health, calculate sessin summary data fr All Access Lgs in Dashbard based n real-time access lgs, update the last mdified time f shared SharePint files, calculate the data displayed in the dashbards f the AvePint Perimeter Internal Prtal, mnitr the status f each Agent, and prune the expired data based n predefined retentin perids. *Nte: Health mnitring timer jb will send the AvePint Perimeter Agent Health Analyzer Reprt t the cntact yu cnfigured in the General Settings, if the ptential issues that might affect yur usage f Agents are detected. The timer jbs basic infrmatin and their schedules are predefined. Yu can edit and enable/disable the timer Jbs. Editing Timer Jbs T edit a timer jb, cmplete the steps belw: 1. Click the timer jb title t access the Edit Timer Jb interface and edit the fllwing cnfiguratins: Basic Infrmatin Enter the Jb Title and Descriptin fr the timer jb yu are editing. Schedule Settings Specify hw frequently this timer jb runs. Schedule Type Select the interval at which the timer jb ccurs: By minute, By hur, By day, By week, r By mnth. Interval Set up the frequency fr the schedule by entering an integer in the text bx. 109

110 Start Time Specify the time f the day that Perimeter will check fr blcked/warned access attempts. If yu select By mnth, cnfigure the Specify the start time by day f the week and Specify the start time by date fields. Fr mre infrmatin, see the Cnfiguring Advanced Start Time Settings sectin in this guide. 2. Click Save t save yur cnfiguratins r click Save and Run Nw t save the cnfiguratins and run the timer immediately. Disabling and Enabling Timer Jbs T disable, enable, and run a timer jb immediately: Disable If a timer jb s value fr the ENABLED clumn is Yes, yu can disable it. T disable an enabled timer jb, select the timer jb yu want t disable by selecting the crrespnding checkbx, then click Disable n the ribbn r click the pen menu buttn ( ) next t the jb title and then click Disable in the pp-up menu. Enabled If a timer jb s value fr the ENABLED clumn is N, yu can enable it. T enable a disabled timer jb, select the timer jb yu want t enable by selecting the crrespnding checkbx, then click Enabled n the ribbn r click the pen menu buttn ( ) next t the jb title and then click Enable in the pp-up menu. Run Nw T run an enabled timer jb immediately, select the crrespnding checkbx, then click Run Nw n the ribbn r click the pen menu buttn ( then click Run Nw in the pp-up menu. Mnitring Timer Jb Status T access Timer Jb Status, navigate t Cnfigure menu and then click Timer Jb Status under the Mnitr heading. In Timer Jb Status, yu can check whether timer jbs are successful r failed. Yu can view the timer jbs statuses using the fllwing three tabs: ) and Scheduled Jbs Allws yu t exclusively view timer jbs that are scheduled t run in the future. Running Jbs Displays all current running timer jbs. Jb Histry Displays all previus timer jbs. Cnfiguring Windws Phne Lg Lcatin Windws Phne Lgs in the Cnfigure menu prvides yu with the Diagnstic Lgs Lcatin feature. Within this interface, yu can cnfigure a diagnstic lgs lcatin fr string upladed diagnstic lgs f AvePint Perimeter Windws Phne apps. Using the Uplad Lgs feature in the AvePint Perimeter Windws Phne apps, end-users can uplad the diagnstic lg files f their AvePint Perimeter 110

111 Windws Phne apps t the cnfigured diagnstic lgs lcatin. Perimeter administratrs can view the upladed lg files in this lcatin. Upn cmpletin f the installatin, the default diagnstic lgs lcatin f yur Perimeter management system is the \AvePint\Perimeter\Manager\files directry n the AvePint Perimeter Manager server. T custmize the diagnstic lgs lcatin, refer t the sectin belw. In Diagnstic Lgs Lcatin, cnfigure the Universal Naming Cnventin (UNC) path fr the lcatin t stre all f the upladed diagnstic lgs f the AvePint Perimeter Windws Phne apps within this Perimeter management system and the credentials fr accessing the UNC path. 1. T access Diagnstic Lgs Lcatin, navigate t the Cnfigure menu, and then click Diagnstic Lgs Lcatin under the Windws Phne Lgs heading. T cnfigure the diagnstic lgs lcatin fr this Perimeter management system, cmplete the fllwing settings: 2. In the UNC Path text bx, enter the UNC path fr the lcatin where yu want t stre the upladed lg files f AvePint Perimeter Windws Phne apps. Nte that the UNC path shuld be entered in the fllwing frmat: \\admin-pc\c$\data r \\admin-pc\ shared flder. 3. In the Username and Passwrd text bxes, enter the credentials f the accunt used t access the UNC path cnfigured abve. Nte that the entered accunt must have Write permissins t the UNC path cnfigured abve. 4. Click Validatin Test t test the entered infrmatin is valid. 5. Click OK t save the shared file lcatin r click Cancel t exit the current page withut saving any cnfiguratin. 111

112 Jb Mnitr Interface Jb Mnitr allws yu t view the status r details f jbs, dwnlad reprts, and manage jbs all frm a central interface. Yu can view the fllwing types f jbs in Jb Mnitr: Access Vilatin Ntificatin, Access Warning Ntificatin, Bulk Device Enrllment, Lg Cllectin, and AD User Synchrnizatin. Access Vilatin Ntificatin and Access Warning Ntificatin jbs send scheduled ntificatins fr access vilatins and access warnings based n the settings yu cnfigured in Ntificatin Settings. Fr mre infrmatin, refer t Cnfiguring Ntificatin Settings. Bulk Device Enrllment jbs send device enrllment requests in bulk based n the settings cnfigured in Bulk Device Enrllment. Fr mre infrmatin, refer t Sending Device Enrllment Requests in Bulk. Lg Cllectin jbs cllect lgs based n the settings in Lg Manager. Fr mre infrmatin, refer t Cllecting Lgs. AD User Synchrnizatin jbs synchrnize Active Directry users based n the settings yu cnfigured in Synchrnize AD User. Fr mre infrmatin, refer t Synchrnizing Active Directry Users. In the viewing pane f Jb Mnitr, yu can view the fllwing infrmatin f each jb: JOB ID, TYPE, PROGRESS, STATUS, START TIME and FINISH TIME. When a jb cmpletes r cmpletes with exceptin, yu can perfrm the fllwing peratins n the jb: Dwnlad T dwnlad the jb details f a particular jb, select the crrespnding checkbx next t the JOB ID and then click Dwnlad > Dwnlad Jb Details n the ribbn. Yur brwser will ask if yu wuld like t pen r save the file. Click Save r Save as t save it t a designated lcatin. *Nte: This ptin is available fr the fllwing jbs: Bulk Device Enrllment, Lg Cllectin, and AD User Synchrnizatin. Delete T delete jb infrmatin, select the crrespnding checkbxes next t THE JOB ID and click Delete n the ribbn. Jb Summary T view the summary f a jb, select the crrespnding checkbx next t the JOB ID and then click Jb Summary n the ribbn. Yu can view the summary infrmatin in the Jb Summary pp-up windw. Jb Mnitr als allws yu t search fr jbs by jb type t further custmize which jbs are displayed t yu. Enter the keywrd f yur desired jb type in the search bx n the ribbn and click the search ( ) buttn. The matched results will be displayed in the viewing pane. 112

113 Mnitring User Activity and Lcatins via Burglar Alarm Rules Using cnfigured Burglar Alarm Rules, AvePint Perimeter can identify and generate a reprt f suspicius user activity and send ntificatins t ntify system administratrs f this activity. With AvePint Perimeter, Administratrs can limit user activity and restrict allwable lcatins by applying Burglar Alarm Rules n SharePint ndes, Perimeter will mnitr the actins perfrmed upn SharePint dcuments, the usage f the AvePint Perimeter Secured Share site cllectin feature, the number f failed lgin attempts t 2-factr authenticated ndes, and the lcatins where users lg int 2-factr authenticated ndes. Refer t the sectins belw fr detailed infrmatin n mnitring user activities and lcatins using Burglar Alarm Rules. T mnitr user activities and lcatins within yur SharePint envirnment, first review Types f Burglar Alarm Rules, then fllw the prcedures belw: 1. Cnfiguring SharePint Audit Settings fr Dcument Activity Rules at the Web Applicatin r Site Cllectin Level 2. Retrieving Audit Data fr Dcument Activity Rules 3. Cnfiguring Dcument Activity Cllectins 4. Cnfiguring and Applying Burglar Alarm Rules Types f Burglar Alarm Rules The fllwing types f Burglar Alarm rules are available: 1. Dcument Activity Mnitrs the frequency at which a user perfrms actins n dcuments within a user-defined time range. Dcument Activity ffers the fllwing tw rules: Single Activity and Activity Cllectin. Single Activity Mnitrs hw many times a user perfrms an actin n dcuments within a user-defined time range. Activity Cllectin Mnitrs the ttal number f actins included in a user-defined dcument activity cllectin that are perfrmed by a user n dcuments within a userdefined time range. A dcument activity cllectin includes multiple actins that can be mnitred by an individual Dcument Activity rule. Fr detailed infrmatin n cnfiguring a dcument activity cllectin, refer t Cnfiguring Dcument Activity Cllectins. Using Dcument Activity rules, the fllwing are the available actins that can be mnitred: 113

114 Track real-time data fr the fllwing user activities: Read nline, Dwnlad, as Attachment, Read, Open in 3rd Party App, View Shared File in Prtal, and Dwnlad Shared File frm Prtal. Track the retrieved SharePint audit data fr the fllwing user activities: Check Out, Check In, View, Delete, Update, Prfile Change, Delete Child, Schema Change, Restre, Wrkflw, Cpy, Mve, and Search. These activity types use the same definitins as the SharePint audit events. *Nte: T use the Dcument Activity rules fr mnitring the activities mentined abve, yu must first enable the crrespnding SharePint audit events in the desired SharePint ndes, and retrieve the required audit data. Fr details instructins, refer t Cnfiguring SharePint Audit Settings fr Dcument Activity Rules at the Web Applicatin r Site Cllectin Level and Retrieving Audit Data fr Dcument Activity Rules. 2. Failed Lgin Attempts Mnitrs hw many times a user failed t lg int 2-factr authenticated SharePint sites by the rule 2-Factr Authenticatin Failure. AvePint Perimeter identifies suspicius user activity mnitred by the Failed Lgin Attempts rule using the realtime data f 2-factr authenticatin failures. 3. Secured Share Mnitrs the usage f the AvePint Perimeter Secured Share feature using the fllwing rules: Shared by Same User This rule mnitrs hw many files a user shares with thers via the Secured Share feature within a user-defined time range. Shared with Same User This rule mnitrs hw many files are shared with a user via the Secured Share feature within a user-defined time range. AvePint Perimeter identifies suspicius activities mnitred by the Secured Share rules using the real-time usage data f the AvePint Perimeter Secured Share feature. 4. Lgin Lcatin Mnitrs the distance between the last tw lcatins where a user was when lgging int SharePint sites with 2-factr authenticatin enabled. This rule uses the Distance Between Lcatins rule. AvePint Perimeter identifies suspicius activities mnitred by the Lgin Lcatin rule using the real-time user lcatin data. Cnfiguring SharePint Audit Settings fr Dcument Activity Rules at the Web Applicatin r Site Cllectin Level Dcument Activity Burglar Alarm rules with the same activity definitins as SharePint audit events rely n SharePint audit data. Therefre, befre yu can apply Dcument Activity Burglar Alarm rules, yu must enable SharePint audit events using SharePint Audit Settings. T access the SharePint Audit Settings interface, navigate t the Manage menu and then click SharePint Audit Settings under the Audit heading. In the SharePint Audit Settings interface, expand 114

115 the scpe tree t the Web applicatin r site cllectin level t view the SharePint audit settings n each nde within yur SharePint farm. SharePint Audit Events This clumn displays the number f currently enabled SharePint audit events in the Web applicatin r site cllectin nde. Audit Settings Inherited? This clumn indicates if the site cllectin nde is inheriting SharePint audit settings frm its parent nde. Fr detailed infrmatin n inheriting and stp inheriting f SharePint audit settings, refer t Inheriting and Stp Inheriting f SharePint Audit Settings. T enable the SharePint audit events, cmplete the fllwing steps: 1. Expand the scpe tree t the Web applicatin r site cllectin level, select the nde where yu want t cnfigure SharePint audit settings by clicking the crrespnding checkbx. *Nte: Prir t cnfiguring the audit settings n a site cllectin nde, yu must ensure the nde is nt inheriting audit settings frm its parent nde, with the Audit Settings Inherited? clumn displaying N. If the Audit Settings Inherited? clumn f a selected site cllectin nde display Yes, yu must click the Stp Inheriting n the ribbn t stp inheriting the audit settings frm its parent. 2. Click Cnfigure buttn n the ribbn t access the Cnfigure interface fr cnfiguring SharePint audit settings. 3. Cmplete the fllwing steps in the Cnfigure interface: a. Audit Event Selectin Select the audit events yu want t mnitr in the selected SharePint nde, r deselect the events yu d nt want t audit in the selected SharePint nde. *Nte: If sme SharePint audit events are currently enabled in the selected site cllectin, the Events Currently Enabled fr Auditing field is available, displaying the currently enabled audit events in this site cllectin. b. Scheduling Settings Cnfigure the schedule fr applying the audit settings cnfigured abve by chsing ne f the fllwing ptins: N schedule With this ptin selected, the cnfigured audit settings will be applied nce when yu click Apply Nw t save the cnfiguratins. After these settings are applied fr the first time, they will nt be applied autmatically again. Yu can nly manually apply the settings frm the Cnfigure interface. Cnfigure the schedule myself With this ptin selected, yu can cnfigure the schedule fr applying the cnfigured audit settings. A separate cnfiguratin area appears when yu select this ptin and yu can custmize the schedule with the fllwing ptins: Schedule Type Select the schedule type fr applying the cnfigured audit settings: By minute, By hur, By day, By week, r By mnth. 115

116 Interval Set up the frequency fr the schedule by entering an integer in the text bx. Start Time Specify the time f the day when Perimeter applies the cnfigured audit settings. If yu select By mnth, cnfigure the Specify the start time by day f the week and Specify the start time by date fields. Fr mre infrmatin, see the Cnfiguring Advanced Start Time Settings sectin in this guide. *Nte: If the selected nde is a Web applicatin, and a new child site cllectin is created after the cnfigured audit settings are applied t this Web applicatin, the previusly applied audit settings will nt take effect n the newly created site cllectin. T ensure the audit settings can be autmatically applied t the newly created site cllectin under a Web applicatin, AvePint recmmends cnfiguring a schedule fr applying the audit settings t the Web applicatin. 4. Click Apply Nw t save the cnfiguratins and apply the cnfigured audit settings n the selected nde immediately, r click Cancel t clse the page withut saving the cnfiguratins. Disabling All SharePint Audit Events In the SharePint Audit Settings interface, yu can disable auditing n Web applicatin and site cllectin ndes. After the SharePint audit events are disabled n the selected ndes, the SharePint audit feature will n lnger audit these ndes r any child ndes. Cmplete the fllwing steps: 1. Access the SharePint Audit Settings interface. On the scpe tree, select the ndes where yu want t disable all audit events. If the selectin ndes have unique SharePint audit settings, the Disable All Events buttn is available; prceed t step 2. If sme f the selected ndes are inheriting audit settings frm their parent ndes, the Disable All Events buttn is nt available. T disable all audit events in a site cllectin nde that is inheriting audit settings frm its parent nde, yu must first click the Stp Inheriting buttn t break inheritance frm its parent. Then, the Disable All Events buttn becmes available. T inherit r stp inheriting SharePint audit settings, refer t Inheriting and Stp Inheriting f SharePint Audit Settings. 2. Click Disable All Events n the ribbn. A cnfirmatin windw appears. 3. Click OK. 116

117 Inheriting and Stp Inheriting f SharePint Audit Settings There are tw nde levels n the Scpe tree in the SharePint Audit Settings interface: Web applicatin and site cllectin. If yu cnfigure SharePint audit settings n a Web applicatin nde, the site cllectins within this Web applicatin autmatically inherit the audit settings applied t their parent nde. If yu cnfigure SharePint audit settings n a site cllectin nde, the cnfigured audit settings will nly be applied t the selected nde, withut affecting ther site cllectin r Web applicatin ndes. When cnfiguring SharePint audit settings fr the first time, yu can cnfigure audit settings directly at either the Web applicatin r site cllectin level. After yu cnfigure audit settings fr a Web applicatin, yu can still directly cnfigure audit settings f this Web applicatin. Hwever, if yu want t cnfigure unique audit settings fr a site cllectin under this Web applicatin, yu must first break the site cllectin s inheritance f audit settings frm its parent. T stp specific site cllectins inheritance f audit settings frm their parent ndes, select the crrespnding ndes n the scpe tree, with the Audit Settings Inherited? clumn displaying Yes, and click Stp Inheriting n the ribbn. The selected ndes stp inheriting audit settings frm their parent ndes and the crrespnding values in the Audit Settings Inherited? clumn becme N. The previusly inherited audit settings are kept in these site cllectin ndes and the changes f the audit settings applied n the parent ndes will nt affect these ndes. If yu have brken the audit settings inheritance n sme site cllectin ndes, yu can inherit the audit settings frm their parent ndes again. On the scpe tree, select the ndes which have brken the audit settings inheritance frm their parent ndes, and click Inherit n the ribbn. The selected ndes inherit audit settings frm their parent ndes again and the audit settings currently applied n the selected site cllectins are be verwritten. The values in the Audit Settings Inherited? clumn f the selected ndes becme Yes. Retrieving Audit Data fr Dcument Activity Rules With the desired SharePint audit events enabled in the ndes where yu use the Dcument Activity Burglar Alarm rules, use the Retrieve Audit Data feature t cnfigure the audit data retrieval settings and retrieve audit data frm SharePint ndes. T access the Retrieve Audit Data interface, navigate t the Manage menu and then click Retrieve Audit Data under the Audit heading. In the Retrieve Audit Data interface, expand the scpe tree t the Web applicatin r site cllectin level t view the audit retrieval settings f yur SharePint farm. Audit Data Retrieved Displays whether Perimeter has retrieved audit data frm the Web applicatin and site cllectin nde in the farm. 117

118 Retrieval Schedule Displays whether yu have cnfigured the audit retrieval schedule fr this farm. T retrieve audit data frm a SharePint farm, yu must first cnfigure the audit retrieval settings fr the farm t determine the data retrieval scpe and schedule. If yu select Cnfigure the schedule myself in Retrieval Schedule and cnfigure a schedule fr retrieving audit data, Perimeter will run scheduled jbs t autmatically retrieve audit data frm the ndes selected in Scpe Selectin. If yu select N schedule, yur nly ptin is t manually retrieve the data. *Nte: The Retrieve Audit Data feature autmatically excludes the fllwing SharePint bjects and users while retrieving audit data frm SharePint farms: SharePint system pages whse URLs cntain /_catalgs/, /SitePages, r_.000 r end with /Frms r /Frms/AllItems.aspx. The system accunts f the SharePint farm whse SharePint audit data is t be retrieved. The user cnfigured in the System Credentials interface. T custmize the SharePint bjects r users whse SharePint audit data will nt be retrieved, refer t Cnfiguring Filter Rules fr Excluding Specific Audit Data. Fr detailed instructins, refer t the sectins belw. Cnfiguring Audit Retrieval Settings fr a Farm T cnfigure the audit retrieval settings fr a SharePint farm where yu want t retrieve audit data, cmplete the fllwing steps: 1. On the Scpe tree f the Retrieve Audit Data interface, select the farm fr which yu want t cnfigure the audit data retrieval settings. 2. Click Cnfigure Settings n the ribbn t access the Audit Retrieval Settings interface f the selected farm. 3. Cnfigure the fllwing settings in the Audit Retrieval Settings interface: a. In the Scpe Selectin sectin, select the checkbxes f the Web applicatin and/r site cllectin ndes where yu want t retrieve audit data. T view the enabled audit events in a site cllectin, hver ver View enabled audit events n the right f the site cllectin URL. A tltip appears, displaying the enabled audit events f the nde. *Nte: Only the ndes with enabled SharePint audit events are selectable n the scpe tree. b. In the Schedule Settings sectin, cnfigure the schedule fr retrieving audit data frm the selected ndes by chsing ne f the fllwing ptins: 118

119 N schedule With this ptin selected, yu can nly manually retrieve audit data frm the selected ndes. T manually retrieve audit data, refer t Manually Retrieving Data frm a Farm. Cnfigure the schedule myself With this ptin selected, yu can cnfigure the schedule fr retrieving audit data frm the selected ndes. A separate cnfiguratin area appears when yu select this ptin and yu can custmize the schedule with the fllwing ptins: Schedule Type Select the schedule type fr retrieving audit data frm the selected ndes: By minute, By hur, r By day. Interval Set up the frequency fr the schedule by entering an integer in the text bx. Start Time Specify the time f the day when Perimeter starts t retrieve the audit data frm the selected ndes. 4. Click Save r Save and Retrieve Nw t save the cnfiguratins r click Cancel t exit this page withut saving yur cnfiguratins. Click Save t save the cnfiguratins and return t the Retrieve Audit Data interface. Click Save and Retrieve Nw t save the cnfiguratins and retrieve audit data frm the selected ndes immediately. Manually Retrieving Data frm a Farm If yu selected N schedule in Retrieval Schedule, yu can nly manually retrieve audit data frm the ndes selected in Scpe Selectin by cmpleting the fllwing steps: 1. Navigate t the Retrieve Audit Data interface. 2. On the Scpe tree, select the farm nde, where yu want t manually retrieve audit data. 3. Click Retrieve Nw n the ribbn t start a jb t retrieve audit data. Cnfiguring Filter Rules fr Excluding Specific Audit Data T exclude specific SharePint bjects r users frm being audited by the Retrieve Audit Data feature, fllw the steps belw t cnfigure filter rules in the UserCnfig.xml cnfiguratin file n the Perimeter Manager server. 1. Navigate t AvePint\Perimeter\bin\Cnfig\ directry n the Perimeter Manager server. 2. Open the UserCnfig.xml file. 3. T add a filter rule fr excluding SharePint bjects by URL, add the child nde <Rule value="" cnditin=""/> within the <AuditrDataExcludeRules> nde. Rule value Set the value f this attribute t the value that is cntained by the desired URLs r at the end f the desired URLs. 119

120 cnditin Set the value f this attribute t either f the fllwing cnditins: cntains With this cnditin, this rule filters and excludes the URLs that cntain the value f the rule value attribute. endwith With this cnditin, this rule filters and excludes the URLs that end with the value f the rule value attribute. 4. T add a filter rule fr excluding a SharePint user by username, add the child nde <User name=" /> within the < AuditrDataIgnreUsers> nde and set the desired user s lgin name as the value f the User name attribute. Figure 6: Cnfiguring the UserCnfig.xml file. 5. Save the changes and clse the file. Cnfiguring Dcument Activity Cllectins In Dcument Activity Cllectin, yu can cnfigure dcument activity cllectins t include multiple dcument activities that can be mnitred by individual Burglar Alarm Dcument Activities rules. T access Dcument Activity Cllectin, navigate t the Manage menu and click Dcument Activity Cllectin under the Audit heading. Adding a New Dcument Activity Cllectin T cnfigure a dcument activity cllectin in the Dcument Activity Cllectin interface, cmplete the fllwing steps: 1. Click Add n the ribbn t access the Add Dcument Activity Cllectin interface. 2. In the Basic Infrmatin sectin, enter the name f the dcument activity cllectin yu are abut t create. 3. In the Activity Type Selectin sectin, select the checkbxes f the activities that yu want t add int this dcument activity cllectin. 4. Click Save t save the cnfiguratins and add the dcument activity cllectin, r click Cancel t exit this interface withut adding the dcument activity cllectin. 120

121 Editing a Dcument Activity Cllectin After a dcument activity cllectin is created, its name cannt be changed. Yu can nly change the dcument activity types included in a previusly created dcument activity cllectin, by cmpleting the fllwing steps: 1. In the Dcument Activity Cllectin interface, select the crrespnding checkbx next t the desired dcument activity cllectin and click Edit n the ribbn t access the Edit Dcument Activity Cllectin page. 2. In the Activity Type Selectin sectin, select the checkbxes f the activities that yu want t include in this dcument activity cllectin, and deselect the checkbxes f the activities yu d nt want t include in this dcument activity cllectin. 3. Click Save t save the changes, r click Cancel t exit this interface withut saving the changes. Deleting Dcument Activity Cllectins T delete a previusly created dcument activity cllectin, select the crrespnding checkbx and click Delete n the ribbn. Alternatively, yu can click the pen menu ( ) buttn next t the dcument activity cllectin name and then click Delete in the menu. The dcument activity cllectin is deleted frm the AvePint Perimeter management system. Cnfiguring and Applying Burglar Alarm Rules In Burglar Alarm Rules, yu can cnfigure and apply Burglar Alarm rules at Web applicatin r site cllectin level t mnitr end-user activities and lcatins acrss the AvePint Perimeter management system. After the Burglar Alarm rules are applied t SharePint ndes, Perimeter can retrieve the required data and then check whether there are suspicius activities based n the threshlds cnfigured in the rules. T access Burglar Alarm Rules, navigate t the Manage menu and click Burglar Alarm Rules under the Audit heading. In the Burglar Alarm Rules interface, yu can view the number f Burglar Alarm rules applied n each Web applicatin r site cllectin nde f a SharePint farm, by expanding the scpe tree t the Web applicatin r site cllectin level. The Burglar Alarm Rules clumn displays the number f rules currently applied n each nde. T cnfigure and apply Burglar Alarm rules t a Web applicatin r site cllectin nde, cmplete the fllwing steps: 1. In the Scpe pane, expand the farm tree t the Web applicatin r site cllectin level. 2. Select the Web applicatin r site cllectin nde where yu want t cnfigure and apply Burglar Alarm rules and click Cnfigure n the ribbn t access the Cnfigure interface, r click the link in the Burglar Alarm Rules clumn next t the nde. 121

122 3. In the Burglar Alarm Cnfiguratin sectin, cnfigure the rules yu want t apply t the selected nde. Fr detailed instructins n cnfiguring Burglar Alarm rules, refer t Creating r Editing Burglar Alarm Rules. 4. In the Ntificatin Settings, determine whether t send ntificatins immediately when Perimeter identifies suspicius activities based n the rules cnfigured abve. T send immediate ntificatins t the desired users, cmplete the fllwing steps: a. Select the Send ntificatin t the specified recipients immediately checkbx. The Recipients text bx and Include the direct manager f the users wh trigger alarms checkbx appear belw. b. In the Recipients text bx, enter the addresses f the recipients wh will receive the ntificatins. Separate each address with semi-clns. c. T send ntificatins t the direct manager f the users wh trigger the Burglar Alarm rules, select Include the direct manager f the users wh trigger alarms. *Nte: T ensure Perimeter can prperly retrieve the apprpriate addresses fr ntificatins, yu must use the Synchrnize Active Directry Users feature t synchrnize all Active Directry users in yur rganizatin with Perimeter frm the dmain cntrller. Fr detailed infrmatin n using the Synchrnize Active Directry Users feature, refer t Synchrnizing Active Directry Users. 5. Click Save t save the cnfiguratins and immediately apply the rules t the selected nde, r click Cancel t exit this interface withut saving the cnfiguratins. *Nte: After yu apply Burglar Alarm rules t a Web applicatin, all f the site cllectins within the Web applicatin will autmatically inherit the rules applied t their parent nde. The site cllectin s previusly applied rules will be verwritten. After the Burglar Alarm rules are applied t a SharePint Web applicatin r site cllectin, Perimeter will start real-time mnitring n the crrespnding user activities and lcatins based n the cnfigured settings. Once Perimeter identifies any suspicius activities, the activities that crss the rules threshlds will be recrded in the Burglar Alarm Reprt, with detailed infrmatin. Fr detailed infrmatin n the Burglar Alarm Reprt, refer t Burglar Alarm Reprt. Als, Perimeter prvides the fllwing ntificatins: Burglar Alarm Ntificatin in Perimeter Manager After Perimeter identifies new suspicius activities, a red dt will appear n the flag buttn fr Burglar Alarm Ntificatin n the upper right crner f the Perimeter Manager interface. T view the newly generated ntificatins, cmplete the fllwing steps: i. Click the flag buttn fr Burglar Alarm Ntificatin t access the Burglar Alarm Ntificatin windw. ii. In this windw, yu can view the ntificatins fr each triggered Burglar Alarm rule srted by date. 122

123 iii. T view the detailed infrmatin f the activities that trigger a particular Burglar Alarm rule, click the desired ntificatin item t access the Burglar Alarm Reprt interface. Fr detailed infrmatin n the Burglar Alarm Reprt, refer t Burglar Alarm Reprt. Burglar Alarm: Suspicius Activity Alert If the Send ntificatin t the specified recipients immediately checkbx is selected in the Cnfigure interface f Burglar Alarm Rules, Perimeter will send immediate Burglar Alarm: Suspicius Activity Alert ntificatins n the identified suspicius activities t the entered Recipients. Creating r Editing Burglar Alarm Rules T create r edit Burglar Alarm rules in the Cnfigure interface f the Burglar Alarm Rules feature, cmplete the fllwing steps: 1. In the Bugler Alarm Cnfiguratin sectin, click Add a Rule t add a rule by cmpleting the fields belw. Alarm Type Select the alarm type f the rule yu are abut t add. Rule Select the rule yu are abut t add. With Dcument Activity selected in Alarm Type, yu can select either f the fllwing rules: Single Activity With this ptin selected, select the activity yu want t mnitr frm the drp-dwn list n the right. Activity Cllectin With this ptin selected, select an existing dcument activity cllectin yu want t mnitr frm the drp-dwn list n the right, r select New Dcument Activity Cllectin t create a new ne. Fr details n creating a new dcument activity cllectin, refer t Adding a New Dcument Activity Cllectin. With Failed Lgin Attempts selected in Alarm Type, 2-Factr Authenticatin Failure is the nly available rule. With Secured Share selected in Alarm Type, yu can select the Shared with Same User r Shared by Same User rule. With Lgin Lcatin selected in Alarm Type, Distance Between Lcatins is the nly available rule. Threshld Cnfigure the threshld fr the rule yu are abut t add. With the Single Activity, Activity Cllectin, 2-Factr Authenticatin Failure, Shared by Same User, r Shared by Same User selected in Rule, cnfigure the threshld by entering an activity cunt integer int the text bx. If a user perfrms the crrespnding activity the number f times entered here within the user-defined time range, the crrespnding rule will be triggered. 123

124 With Distance Between Lcatins selected in Rule, cnfigure the maximum distance between lcatins in the threshld by entering a psitive integer int the text bx and selecting a unit frm the drp-dwn list. If the distance between the lcatins f a user s last tw lgins reaches the distance cnfigured here, the Distance Between Lcatins rule will be triggered. Cnditin The cnditin fr all Burglar Alarm rules are Within and cannt be changed. Time Range Cnfigure the time range the rule will cver fr checking whether there are suspicius activities based n the cnfigured threshld. Enter a psitive integer in the text bx and select a time unit frm the drp-dwn list. 2. After cnfiguring a rule, click Add a Rule t add anther rule r delete a previusly added rule by selecting the checkbx f the rule and clicking Remve. 124

125 Manage Menu After cnfiguring the cnfiguratins in the Cnfigure menu, navigate t the Manage menu t invite endusers t enrll their mbile devices, publish SharePint sites fr accessing via enrlled devices and cnfigure cntent access plicies fr SharePint cntent via any devices. Yu can als use the Manage menu t manage the enrlled devices, end-users, device grups and lcatins cnfigured fr AvePint Perimeter management system. Enrlling a Device If yu have successfully cnfigured General Settings and Ntificatin settings, yu can send device enrllment requests t invite users t enrll their mbile devices. Yu can manage the enrllment requests in the Device Enrllment interface. Sending an Individual Device Enrllment Request T send an enrllment request, fllw the steps belw: 1. Navigate t the Manage menu, and click Device Enrllment t enter the Device Enrllment interface. 2. Click Enrll New Device n the ribbn t enter the Enrll New Device interface and cnfigure the fllwing settings: User Type Specify the user type f the end-user yu want t invite. Select Internal if the user is an internal user within yur rganizatin, r select External if the user is a user utside yur rganizatin. The Ownership sectin belw will autmatically lad the available ptins accrding t yur selectin here. Address Enter the rganizatin address f the end-user yu want t invite. *Nte: If yu select Internal as the User Type, yu must enter the user s address cnfigured in the Active Directry Dmain Cntrller. Username Enter the username f the end-user s accunt in the rganizatin directry. If yu select Internal as the User Type, enter the username in the frmat: dmain\username. If yu select External as the User Type, select the Use address as username checkbx t use the Address entered abve as the username f the external user, r enter the username in the frmat: user@dmain.cm. Ownership Chse the type f wnership f the device t be enrlled. If yu selected Internal fr User Type, yu will have the fllwing ptins fr Ownership: 125

126 Wrk-issued The device is wned by the cmpany. Persnal The device is wned by the internal user. User t Prvide D nt select the wnership f the device here. The end-user will prvide this infrmatin when enrlling the device. *Nte: If yu select External fr User Type, the Ownership is autmatically set as External and cannt be changed. Authenticatin Mde Specify the authenticatin methd fr this Perimeter Manager server during the mbile device enrllment prcess. Directry Credentials fr Organizatin The user must prvide the rganizatin directry credentials (username and passwrd) f the rganizatin directry accunt during the mbile device enrllment prcess. One-Time Enrllment Cde The user must prvide the rganizatin username and the One-Time Enrllment Cde prvided in the enrllment request during the mbile device enrllment prcess. 2-Factr Authenticatin with bth Directry Credentials and a One-Time Enrllment Cde The user must prvide bth the rganizatin credentials (username and passwrd) and the One-Time Enrllment Cde prvided in the enrllment request during the mbile device enrllment prcess. Expiratin Time Specify when this enrllment request will expire. Request never expires This enrllment request never expires. Request expires n Select the expiratin time fr the enrllment request frm the calendar. Request expires after Enter an integer in the text bx and select Days, Weeks, Mnths r Years frm the drp-dwn list. The enrllment request will expire after this perid. Recipient Enter the addresses f the recipients fr this enrllment request. Yu can enter multiple addresses, separating them by semiclns. *Nte: By default, the system administratr s address entered in General Settings is autmatically filled in this field. The system administratr will receive an e- mail ntificatin f each enrllment request. Subject Enter the subject f the enrllment request Enrll Anther Device Select whether t cntinue t enrll anther device after yu are finished sending this enrllment request. If yu select this ptin, click Send t send the enrllment request. Once the enrllment request has been sent ut, yu will stay n the Enrll New Device interface t cnfigure a new enrllment request. 126

127 If yu d nt select this ptin and click Send t send the enrllment request. Once the enrllment request has been sent ut, yu will exit this page and cme back t the Device Enrllment interface. If yu dn t want t save and send this enrllment request, click Cancel t exit the page withut saving the cnfiguratins and sending the enrllment request. Sending Device Enrllment Requests in Bulk T send enrllment requests in bulk, cmplete the fllwing steps: 1. Navigate t the Manage menu, and click Device Enrllment t enter the Device Enrllment interface. 2. Click Bulk Device Enrllment n the ribbn t enter the Bulk Device Enrllment interface. 3. Click the hyper link f Dwnlad the bulk enrllment template t dwnlad a bulk enrllment template. 4. Fill in the dwnladed template with the required infrmatin f the users yu want t invite. 5. When yu finish cnfiguring the template file, save it as a bulk enrllment file. 6. Click Brwse buttn t lcate and pen the previusly cnfigured bulk enrllment file. 7. Click Apply n the ribbn t apply the selected bulk enrllment file and AvePint Perimeter will initiate the jb fr sending enrllment requests t all f the users in this enrllment file. Managing Enrllment Requests In the Device Enrllment interface, yu can manage and delete the previusly created enrllment requests as belw: Resend Enrllment Request T resend the previusly created enrllment requests, select the crrespnding checkbxes and click Resend Enrllment Request n the ribbn. Delete T delete the previusly created enrllment request, select the crrespnding checkbxes and click Delete n the ribbn. End-User Device Enrllment Fr end-users t enrll their device, they must receive an enrllment sent by AvePint Perimeter Manager, as described in Sending an Individual Device Enrllment Request. *Nte: T use Perimeter App n a Windws Phne, yu must dwnlad and install a certificate befre lgging int the Perimeter App. Fr details, refer t Dwnlading and Installing Certificate n Windws Phne Befre Lgin. The fllwing prcedure assumes that AvePint Perimeter is installed and running, and that the enduser has received the enrllment

128 1. Obtain the free AvePint Perimeter mbile app. Refer t the enrllment fr a link t the apprpriate app stre. 2. Once the app is installed, pen the app, click the scan ( ) buttn t scan the QR cde in the enrllment t autmatically enter the Device Service URL and Address infrmatin prvided in the enrllment , r manually enter the infrmatin int the crrespnding text bxes. 3. Click Enrll t access the next page. 4. Enter the required authenticatin infrmatin accrding t the user type: If enrlling an Internal user, enter the Username and Passwrd and/r One-Time Enrllment Cde authenticatin infrmatin prvided in the enrllment . If enrlling an External user, enter the One-Time Enrllment Cde prvided in the enrllment . Dwnlading and Installing Certificate n Windws Phne Befre Lgin Cmplete the steps belw t dwnlad and install the certificate n Windws Phne befre lgging int the Perimeter App: 1. Open the AvePint Perimeter App n the Windws Phne. The lgin page appears. 2. There is a nte under the Enrll buttn saying If there is an errr with the security certificate f the entered Device Service URL, click here t install the certificate. Click here. The Install certificate? interface appears. *Nte: Make sure the Perimeter Manager, Gateway, and Prtals have internet access. 3. Click Install. Yu will be asked t pen r save the dwnladed file. Click Open. 4. After the certificate is autmatically installed, click OK. Managing Enrlled Devices Once end-users receive the enrllment requests sent fr AvePint Perimeter Manager, they can fllw the instructins in the enrllment request s t dwnlad AvePint Perimeter mbile app and enrll their devices int the AvePint Perimeter management system. Yu can access Manage Enrlled Devices t manage all f the enrlled devices. T access Manage Enrlled Devices, navigate t the Manage menu and then click Manage Enrlled Devices t enter the Manage Enrlled Devices interface. In the Manage Enrlled Devices interface, yu can view a list f all f the enrlled devices with basic infrmatin, including device name, device ID, platfrm, peratin system, mdel, device wner, device wnership, registratin time, last reprt time, last authenticatin time, and status. T filter the devices with criteria, yu can use the search bx in the upper-right crner t search by the desired device names 128

129 r use the Advanced Search feature t cnfigure multiple search cnditins. T use Advanced Search, refer t Advanced Search. In the Manage Enrlled Devices interface, yu can fllw the fllwing peratins t manage the enrlled devices. Managing the Status f Enrlled Devices Viewing Enrlled Devices Details Deleting Enrlled Devices Managing the Status f Enrlled Devices T manage the status f an enrlled device, yu can perfrm the fllwing actins: Disabling a Device When the STATUS f a particular device is Active, the Disable ptin is available n the ribbn. Disabled devices will nt run the Perimeter app. T disable a particular device, fllw the steps belw: 1. Select the desired device by selecting the checkbx next t the crrespnding DEVICE NAME. 2. Click Disable n the ribbn. The Security Check pp-up windw appears. 3. In the Security Check windw, enter the passwrd f the current lgn user and click Cnfirm. A pp-up windw fr the reasn appears. 4. Enter the reasn why yu want t disable the AvePint Perimeter app n this device in the text bx and click OK. 5. Once the Disable actin is cmplete, the STATUS f the device becmes Disabled. Enabling a Device T use the AvePint Perimeter mbile app n a Disabled device, yu need t enable the device. T enable a device, cmplete the fllwing steps: 1. Select the desired device by selecting the checkbx next t the crrespnding DEVICE NAME. 2. Click Enable n the ribbn. The Security Check pp-up windw appears. 3. In the Security Check windw, enter the passwrd f the current lgn user and click Cnfirm. A pp-up windw fr the reasn appears. 4. In the pp-up windw, enter the reasn why yu want t enable the AvePint Perimeter app n this device and click OK. 5. Once the Enable actin is cmpleted, the STATUS f the device becmes Active. 129

130 Perfrming an Enterprise Wipe n a Device If the device wner reprts a lss f the device t the system administratr, yu can use the Enterprise Wipe ptin t erase all f Perimeter s applicatin data. T perfrm the Enterprise Wipe actin, cmplete the fllwing steps: 1. Select the desired device by selecting the checkbx next t the crrespnding DEVICE NAME. 2. Click Enterprise Wipe n the ribbn. The Security Check pp-up windw appears. 3. In the Security Check windw, enter the passwrd f the current lgn user and click Cnfirm. A pp-up windw fr the recipient, subject and reasn appears. 4. In the pp-up windw, enter the recipient and subject fr the ntificatin f the Enterprise Wipe t be perfrmed. Als, enter the reasn why yu want t enterprise wipe this device. 5. Click Enterprise Wipe t cntinue r click N t exit withut perfrming any actin. 6. Click OK t initiate this actin r click Cancel t cancel this actin. 7. Once an Enterprise Wipe actin is initiated, the device s STATUS becmes Enterprise Wipe Pending. When the Enterprise Wipe actin cmpletes, the STATUS becmes Inactive. Cancelling an Enterprise Wipe When the Status f the device is Enterprise Wipe Pending, yu can cancel the Enterprise Wipe actin n this device befre it is executed. T d this, cmplete the fllwing steps: 1. Select the desired device by selecting the checkbx next t the crrespnding DEVICE NAME. 2. Click Cancel Enterprise Wipe n the ribbn. The Security Check pp-up windw appears. 3. In the Security Check windw, enter the passwrd f the current lgn user and click Cnfirm. A pp-up windw fr the reasn appears. 4. In the pp-up windw, enter the reasn why yu want t cancel the Enterprise Wipe actin and click OK. 5. The STATUS f the device reverts back t the status befre the Enterprise Wipe actin was initiated. Sending an Instant Message When the Status f the device is Active r Disabled, yu can use the Send Instant Message ptin t send an instant message t the device. T send an instant message t a device, cmplete the fllwing steps: 1. Select the desired device by selecting the checkbx next t the crrespnding DEVICE NAME. 2. Click Send Instant Message n the ribbn. The Send Instant Message windw appears. 3. In the pp-up windw, enter the Title and Bdy f the message yu want t send. 130

131 4. Click OK t send the message r click Cancel t exit withut sending the message. Viewing Enrlled Devices Details T view detailed infrmatin n an enrlled device, click n the Device Name t enter the Device Details interface. Alternatively, yu can select the crrespnding checkbx and then click View Details n the ribbn. In the Device Details interface, yu can view the device details in these fur tabs: Basic Infrmatin, Usage Tracking, Lcatin Histry and Actin Histry. Viewing Basic Infrmatin The fllwing infrmatin is available frm the Basic Infrmatin tab: 1. General Infrmatin In the General Infrmatin sectin yu can view the fllwing infrmatin: Last Username The username f the last user wh lgged int the AvePint Perimeter app using this device. Ownership The wnership type f this device. This is specified in the enrllment request r prvided by the user while enrlling this device. Registratin Time The last time when this device was lgged int t the AvePint Perimeter management system. Last Authenticatin Time The last time the user authenticated t the SharePint sites using this device. Last Reprt Time The last time when this device cmmunicated with AvePint Perimeter Manager. Managed Status The status f this device in this management system. There are fur pssible statuses fr an enrlled device. Active When the status is Active, The user can use this device t access SharePint sites nrmally. Disabled When the status is Disabled, users cannt use the AvePint Perimeter app n this device. Enterprise Wipe Pending When the status is Enterprise Wipe Pending, the AvePint Perimeter Mbile app will erase all Perimeter app data. Inactive When the status is Inactive, this device has been deactivated. Users cannt lg int the AvePint Perimeter Mbile app using this device. Push Ntificatin Enabled Whether this device is allwed t receive push ntificatin frm the Apple Push Ntificatin Service (APNS) servers r Ggle Clud Messaging (GCM) servers. Status Message The message prvided by the administratr wh perfrmed the last peratin n this device. 131

132 Mbile App Versin the versin f the AvePint Perimeter mbile app installed n this device. 2. Hardware Infrmatin In the Hardware Infrmatin sectin, yu can view the fllwing infrmatin: Device ID The GUID f the device in the Manager Cnfiguratin database. Device Name The name f the device. Platfrm The platfrm f the device s peratin system. Operatin System The versin f the device s peratin system. Manufacturer The manufacturer f the device. Mdel The mdel f the device. Frm Factr The frm factr f the device which is used t refer t the size, style and shape f the device as well as the layut and psitin f the device's majr cmpnents. 3. Lcatin Infrmatin In the Lcatin Infrmatin sectin, yu can view the fllwing infrmatin: Lcatin Service Enabled Displays whether the Lcatin Service is enabled n the device t allw the AvePint Perimeter Mbile app t cllect the device s gegraphical lcatin infrmatin. Last Lcatin Displays the name f the last lcatin f the device. If the lcatin falls in the scpe f a previusly cnfigured lcatin in Manage Lcatins, the lcatin name is displayed here. If the device s last lcatin desn t fall in any scpe cnfigured in Manage Lcatins, Undefined is displayed here. If the Lcatin Service is disabled n the device, the AvePint Perimeter app cannt cllect the device s gegraphical lcatin infrmatin, and Unavailable is displayed here. Lcatin Last Updated Time The last time that the AvePint Perimeter Mbile app reprted the device s lcatin t the AvePint Perimeter management system. Last Latitude/Lngitude The crdinates f the device s last lcatin. Last Address The address prvided by the Bing Maps fr the device s last lcatin. Accuracy The accuracy f the crdinates displayed in Last latitude/lngitude. Lcatin Cllectin Exceptin Displays the exceptin details when an exceptin ccurs while cllecting the device latitude and lngitude lcatin via the device Lcatin Services. Last Lcatin Cllectin Exceptin Time Displays the time when the last exceptin ccurs while cllecting the device latitude and lngitude lcatin via the device Lcatin Services. 132

133 In the Basic Infrmatin tab, yu can als manage the status f a device by clicking the crrespnding buttns n the ribbn. Fr mre infrmatin n managing the status f a device, refer t Managing the Status f Enrlled Devices. Viewing Usage Tracking Details T view the usage tracking details f a device, click the Usage Tracking tab. Here, yu can view the activity the device has perfrmed n the SharePint items r dcuments, including the name f each accessed SharePint bject, the URL f the bject, the activity perfrmed n the bject, the time f the activity and the device s lcatin infrmatin. With Advanced Search, yu can search fr items using search criteria. T use Advanced Search, refer t Advanced Search. *Nte: Perimeter keeps the Usage Tracking data fr 60 days in the Manager Cnfiguratin database. Exprting Usage Tracking Details T exprt Usage Tracking data, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw, and then click OK. Yur brwser will prmpt yu t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Viewing Lcatin Histry T view the lcatin histry f a device, click the Lcatin Histry tab. Here, yu can view all f the lcatin data cllected fr this device since its enrllment int this management system, including the update time f each lcatin, the crdinates, and address f the device s gegraphical lcatin. If the gegraphical lcatin falls within the scpe f a previusly cnfigured lcatin in Manage Lcatins, bth the Lcatin Name and Accuracy f the lcatin name are displayed. Viewing Actin Histry T view the actin histry f a device, click the Actin Histry tab. Here, yu can view all f the actins perfrmed n the device, including the start time, cmpleted time, initiatr, and status f each actin. If the actin failed, the exceptin details will be listed in the Exceptin Details clumn. Deleting Enrlled Devices Once a device has been Enterprise wiped, the device wner cannt lg int the AvePint Perimeter Mbile app using that device. Yu cannt reverse this actin t activate this Inactive device via AvePint Perimeter Manager. As fr the Inactive devices listed in the Manage Enrlled Devices interface, AvePint recmmends deleting the recrds f these devices fr the AvePint Perimeter management system. Yu can select the crrespnding checkbxes f the devices yu want t delete, click the pen menu ( ) buttn n 133

134 the ribbn and then click Delete frm the drp-dwn menu. Alternatively, yu can click the pen menu ( ) buttn next t the device name and then click Delete in the menu. Publishing SharePint Sites fr Accessing via Enrlled Devices T publish SharePint sites (in bth SharePint n-premises and SharePint Online), create device grups in Manage Device Grups, and then assign permissins t the device grups in Site Access. Managing Device Grups In Manage Device Grups, yu can create and manage device grups based n predefined parameters. Device grups can be dynamic r static, and are primarily used t assign device permissins t SharePint sites. T access Manage Device Grups, navigate t the Manage menu and click Manage Device Grups t enter the Manage Device Grups interface. Adding New Device Grups T add a new device grup, cmplete the fllwing steps: 1. Click Add n the ribbn t enter the New Device grup interface. 2. In the Basic Infrmatin sectin, enter the device grup name, an ptinal descriptin, and the type fr the device grup t be created. Device Grup Name Enter a name fr the device grup t be created. Descriptin Enter an ptinal Descriptin fr the grup fr future reference. Type Select the type f the device grup t be created. Dynamic If yu select this ptin, Perimeter will autmatically add the newly enrlled devices that meet the rules cnfigured belw after the device grup is created. Static If yu select this ptin, Perimeter will nt check fr newly enrlled devices after the device grup is created. The devices in this grup will nt be added autmatically. 3. In the Rule Settings sectin, cnfigure the rules fr adding devices int the device grup. After cnfiguring a rule, click Add a Rule t add anther rule, r click Remve t delete the rule. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgic chices: And and Or. The default lgic is And. And Devices that meet all f the rules will be added int the device grup. Or Devices that meet any ne f the rules will be added int the device grup. 4. Click Preview Filter Results t preview the devices that meet the cnfigured rules. 134

135 5. Click Save t save the cnfiguratins and add the device grup, r click Cancel t exit this interface withut adding the device grup. Editing Device Grups T edit a previusly created device grup, select the crrespnding checkbx and click Edit n the ribbn, r click the pen menu buttn next t the DEVICE GROUP NAME and then click Edit in the menu. Yu can edit the fllwing cnfiguratins: 1. In the Basic Infrmatin sectin, enter the device grup name, an ptinal descriptin, and the type fr the device grup yu are editing. Device Grup Name Enter a name fr the device grup yu are editing. Descriptin Enter an ptinal Descriptin fr the grup fr future reference. Type Select the type f the device grup yu are editing. Dynamic If yu select this ptin, Perimeter will autmatically add the newly enrlled devices that meet the rules cnfigured belw after the device grup is created. Static If yu select this ptin, Perimeter will nt check fr the newly enrlled devices that meet the rules cnfigured belw after the device grup is created. The devices in this grup will nt be added autmatically. 2. In the Rule Settings sectin, cnfigure the rules fr adding devices int the device grup. After cnfiguring ne rule, click Add a Rule t add anther rule, r click Remve fllwing each rule t delete the rule. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgical chices: And and Or. The default lgic is And. And Devices that meet all f the rules will be added int the device grup. Or Devices that meet any ne f the rules will be added int the device grup. 3. Click Preview Filter Results t preview the devices that meet the cnfigured rules. 4. Click Save t save the cnfiguratins t the device grup, r click Cancel t exit this interface withut editing the device grup. Deleting Device Grups T delete a previusly created device grup, select the crrespnding checkbx and click Delete n the ribbn. Alternatively, yu can click the pen menu buttn next t the DEVICE GROUP NAME and then click Delete in the menu. The device grup is deleted frm AvePint Perimeter management system. 135

136 Cnfiguring Site Access Permissin fr Enrlled Devices T cnfigure site access permissin fr previusly created device grups, yu must add the desired SharePint sites as managed SharePint sites int AvePint Perimeter management system and then assign permissin fr these sites t the device grups. Adding Managed SharePint Sites T add a new managed SharePint site in Site Access, navigate t the Manage menu, and then click Site Access t enter the Site Access interface. Click Add n the ribbn, and then cnfigure the fllwing settings: 1. In the Basic Infrmatin sectin, select the Site Type, and then enter the Site Display Name and Site URL/Site URL Prefix fr the managed SharePint site t be added. Macr Site assigns end-users permissins t access any sub-site under the same parent site while using the Perimeter app. T add a Macr Site, select the Macr Site checkbx and then cmplete the fllwing settings: Site Display Name Enter a display name fr the macr site t be added. This name will be displayed as the sectin name f the added sub-sites. Site URL Prefix Enter the desired parent site URL. This URL will be used as the prefix f the sub-site URL when the end-user adds a sub-site via the Perimeter app. *Nte: If an end-user has been assigned permissins t a macr site and wants t access a particular sub-site under this macr site, the user shuld access the Add a New Sub-Site feature n the Perimeter app t cnfigure the cmplete sub-site URL. T d this, enter the last part f the sub-site s URL after the Site URL prefix. If yu d nt want t add a macr site, deselect the Marc Site checkbx and then enter the fllwing: Site Display Name Enter a display name fr the managed SharePint site t be added. Site URL Enter the URL f the SharePint site yu want t add int the AvePint Perimeter management system. *Nte: Yu can nly use the same Site URL fr ne managed SharePint site. 2. In the Authenticatin Mde sectin, select the authenticatin methd fr this managed SharePint site. Autmatic Authenticatin (Windws Classic Authenticatin r Frm Based Authenticatin) and Web Lgin (Office 365 Authenticatin r ADFS Authenticatin) are available fr the Authenticatin Mde. 3. Click Save t save the cnfiguratins and add the managed SharePint site int AvePint Perimeter management system, r click Cancel t exit and g back t the Site Access interface withut adding the managed SharePint site. 136

137 Editing Managed SharePint Sites T edit a previusly created managed SharePint site, click Edit n the ribbn and then cnfigure the fllwing settings: 1. In the Basic Infrmatin sectin, select the Site Type, and then cnfigure the Site Display Name and Site URL/Site URL Prefix fr the managed SharePint site yu are editing. If the site yu are editing is a macr site, select the Macr Site checkbx and then cnfigure the fllwing settings: Site Display Name Enter a display name fr the macr site yu are editing. Site URL Prefix Enter the desired parent site URL. If the site yu are editing is nt a macr site, deselect the Marc Site checkbx and then cnfigure the fllwing settings: Site Display Name Enter a display name fr the managed SharePint site yu are editing. Site URL Enter the URL f the SharePint site yu want t add int AvePint Perimeter management system. *Nte: Yu can nly use the same Site URL fr ne managed SharePint site. 2. In the Authenticatin Mde sectin, select the authenticatin methd fr this managed SharePint site. Autmatic Authenticatin (Windws Classic Authenticatin r Frm Based Authenticatin) and Web Lgin (Office 365 Authenticatin r ADFS Authenticatin) are available fr the Authenticatin Mde. 3. Click Save t save the changes t the managed SharePint site, r click Cancel t exit and g back t the Site Access interface withut saving the changes. Managing Site Access Permissins After adding the managed SharePint sites, yu can navigate t the Permissin Assignment interface t assign and manage site access permissins t the previusly created device grups. T access the Permissin Assignment interface, select the crrespnding checkbx f the desired managed SharePint site in the Site Access interface and then click Manage Permissins n the ribbn. Yu will be brught t the Permissin Assignment interface. Assigning Site Access Permissins T assign site access permissins t a previusly created device grup, click Assign Permissins n the ribbn. In the Assign Permissins interface, cnfigure the fllwing settings: 1. In the Device Grup Name sectin, select the device grup t which yu want t assign the permissin frm the drp-dwn list. 137

138 2. In the Permissin Settings sectin, chse the Permissin Level and Share Restrictin fr the device grup s permissin. Permissin Level Chse the permissin level fr reading SharePint cntent. Online read nly With this ptin selected, the users f the device grup selected abve can nly access the SharePint cntent nline and cannt read the cntent using the stred ffline data when discnnected t the Internet. Online and ffline read With this ptin selected, the devices in the device grup selected abve can access SharePint cntent bth nline and ffline. When discnnected t the Internet, users can still read the ffline data stred in the lcal device. Share Restrictin Select the restrictins fr sharing SharePint cntent. Limited share With this ptin selected, the users f the device grup selected abve are restricted frm sharing SharePint cntent with thers. They cannt perfrm the Link, As Attachment, and Open In actins n the SharePint cntents. *Nte: When Online read nly is selected fr Permissin Level, this ptin is autmatically selected and cannt be changed. Unlimited share With this ptin selected, the users f the device grup selected abve are allwed t share the SharePint cntent with thers. They can perfrm the Add t Favrites, Link, As Attachment, and Open In actins n the SharePint cntents. 3. In the Permissin Expiratin Time sectin, specify when the permissin yu are abut t assign t the device grup will expire. Never expire This permissin never expires. Expiratin Time Select the expiratin time frm the calendar. Expire after Enter an integer in the text bx and select Days, Weeks, Mnths r Years frm the drp-dwn list. The permissin will expire after this perid. 4. Assign Permissin t Anther Device Grup Select whether t cntinue t assign permissin t anther device grup. If yu select this ptin, click Save t save the cnfiguratins and assign permissin t the selected device grup. After the permissin is successfully assigned, yu can stay n the Assign Permissins page t assign permissin t anther device grup. If yu d nt select this ptin, click Save t save the cnfiguratins and assign permissin t the selected device grup. After the permissin is successfully assigned, yu will exit this page and g back t the Manage Permissins page. If yu dn t want t assign permissin t the selected device grup, click Cancel t exit this page withut assigning permissin. 138

139 Editing Site Access Permissins Here, yu can cntrl what users will see n their device and hw/when cntent can be pened. T edit a previusly assigned site access permissin, select the crrespnding checkbx in the Permissins Assignment interface, and click Edit n the ribbn. In the Edit Permissin interface, cnfigure the fllwing settings: 1. In the Permissin Settings sectin, select the Permissin Level and Share Restrictin fr the device grup s permissin. Permissin Level Select the permissin level fr reading SharePint cntent. Online read nly With this ptin selected, the users f the device grup selected abve can nly access the SharePint cntent nline and cannt read the cntent using the stred ffline data when discnnected t the Internet. Online and ffline read With this ptin selected, the devices in the device grup selected abve can access SharePint cntent bth nline and ffline. When discnnected t the Internet, users can still read the ffline data stred in the lcal device. Share Restrictin Chse restrictins n sharing SharePint cntent. Limited share With this ptin selected, the users f the device grup selected abve are restricted frm sharing SharePint cntent with thers. They cannt perfrm the Add t Favrites, Link, As Attachment, and Open In actins n the SharePint cntents. *Nte: When Online read nly is selected fr Permissin Level, this ptin is autmatically selected and cannt be changed. Unlimited share With this ptin selected, the users f the device grup selected abve are allwed t share SharePint cntent with thers. They can perfrm the Add t Favrites, Link, As Attachment, and Open In actins n the SharePint cntents. 2. In the Permissin Expiratin Time sectin, chse when the permissin yu are editing will expire. Never expire The permissin never expires. Expiratin Time Select the expiratin time frm the calendar. Expire after Enter an integer in the text bx and select Days, Weeks, Mnths r Years frm the drp-dwn list. The permissin will expire after this perid. 3. Assign Permissin t Anther Device Grup Select whether t cntinue t assign permissin t anther device grup after saving the changes. If yu select this ptin, click Save t save the changes. After the permissin is successfully updated, yu can stay n the Assign Permissins page t assign permissin t anther device grup. 139

140 If yu d nt select this ptin, click Save t save the changes. After the permissin is successfully updated, yu will exit this page and g back t the Manage Permissins page. If yu dn t want t save the changes t this permissin, click Cancel t exit this page withut saving the changes. Remving Site Access Permissins T remve previusly created site access permissins fr a particular device grup, select the crrespnding checkbx and click Delete n the ribbn. Alternatively, yu can click the pen menu buttn next t the DEVICE GROUP NAME and then click Delete in the menu. Once the site access permissin fr a device grup is deleted, the crrespnding managed SharePint site will be remved frm the SharePint sites list in the AvePint Perimeter Mbile Apps n the devices in this device grup, and the users will n lnger be able t access the managed SharePint site via the enrlled devices. Cnfiguring Cntent Access Cntrl fr SharePint Cntent via Any Devices T cntrl SharePint cntent access t yur envirnment via any device, cnfigure the Cntent Access Plicy t create and cnfigure the access cntrl rules. This plicy prtects yur SharePint envirnment frm ptential security threats and infrmatin leaks. Prir t cnfiguring the Cntent Access Plicy, yu must cnfigure the lcatin grups and lcatins fr AvePint Perimeter used by the Cntent Access Cntrl rules in the Cntent Access Plicy. Cnfiguring Lcatin Grups In Manage Lcatin Grups, yu can create and manage the lcatin grups in which yu can add multiple custmized lcatins r gegraphic lcatins. These lcatin grups can be used as filter cnditins in the Cntent Access Plicy rules t cntrl cntent access. There are tw types f lcatin types in Perimeter: User-defined Lcatin Grup Custmized lcatin grups cnsist f the lcatins yu custmized in Manage Lcatins, which invlves manually inputting lcatin infrmatin r selecting a lcatin n the map. Gegraphic Lcatin Grup Gegraphic lcatin grups cnsist f the lcatins based n ge-plitical bundaries. T access Manage Lcatin Grups, navigate t the Manage menu and then click Manage Lcatin Grups. In the Manage Lcatin Grups interface, yu can perfrm the fllwing cnfiguratins: 140

141 Adding a New User-defined Lcatin Grup T add a new lcatin grup, select a lcatin grup type by clicking Add n the ribbn. Select Userdefined Lcatin Grup frm the drp-dwn list t access the page fr adding a new user-defined lcatin grup, and then cmplete the fllwing settings: 1. In the Basic Infrmatin sectin, enter the name and an ptinal descriptin fr the lcatin grup yu are abut t create. 2. In the Add Lcatins sectin, select yur desired custmized lcatins frm the Add Lcatins t Grup drp-dwn list. 3. Click Save t add the lcatin grup and g back t the Manage Lcatin Grups interface, r click Cancel t exit this page withut saving the cnfiguratins. Adding a New Gegraphic Lcatin Grup With a ppulated Gelcatin database, yu can cnfigure gegraphic lcatin grups based n gegraphic and plitical bundaries. T add a new gegraphic lcatin grup, select a lcatin grup type by clicking Add n the ribbn. Select Gegraphic Lcatin Grup frm the drp-dwn list, and then cmplete the fllwing settings: 1. In the Basic Infrmatin sectin, enter the name and an ptinal descriptin fr the lcatin grup yu are abut t create. 2. In the Add Lcatin sectin, select yur desired gegraphic lcatins by selecting the crrespnding Regin and District frm the drp-dwn lists. 3. Click Save t add the lcatin grup and g back t the Manage Lcatin Grups interface, r click Cancel t exit this page withut saving the cnfiguratins. Editing Lcatin Grups T edit a previusly added lcatin grup, cnfigure the fllwing settings: 1. Select the crrespnding checkbx in the LOCATION GROUP NAME clumn 2. Click Edit n the ribbn. 3. In the page fr editing the selected lcatin grup, refer t Adding a New User-defined Lcatin Grup and Adding a New Gegraphic Lcatin Grup. 4. When yu finish editing the lcatin grup, click Save t save the mdificatins and g back t the Manage Lcatin Grups interface, r click Cancel t exit this page withut saving the mdificatins. Deleting Lcatin Grups T delete previusly-added lcatin grups, select the crrespnding checkbxes in the LOCATION GROUP NAME clumn and then click Delete n the ribbn. 141

142 Cnfiguring Lcatins In Manage Lcatins, yu can create and manage lcatins and lcatin parameters used t cntrl cntent access. T access Manage Lcatins, navigate t the Manage menu and click Manage Lcatin. In the Manage Lcatins interface, yu can perfrm the fllwing cnfiguratins: Adding New Lcatins T add new lcatins, cmplete the fllwing steps: 1. Click Add n the ribbn. 2. Lcatin Name Enter a name fr the lcatin yu want t add. 3. Lcatin Grup Select the grups frm the drp-dwn list t add this lcatin. 4. Create Methd Select a methd fr creating this lcatin. Manually Input Crdinates Select this ptin t cnfigure the required lcatin infrmatin by manually inputting the crdinates. Address Enter the physical address f this lcatin yu are abut t create fr future reference. Latitude Enter the latitude f the central pint f this lcatin. Lngitude Enter the lngitude f the central pint f this lcatin. Radius Distance Specify the Radius Distance fr the lcatin yu want t add. Enter an integer in the text bx and select the unit fr the drp-dwn list. The lcatin t be added will cver the circle with this radius distance arund the central pint specified abve. Pick up lcatin frm map Select this ptin t pick up the lcatin frm Bing Maps. Click Open map and cmplete the fllwing settings t pick a lcatin in the Pick up lcatin frm map pp-up windw. i. Chse the central pint fr the lcatin yu want t add. Yu can d this in the fllwing three ways: Click n a desired pint n the Bing Maps t set a central pint. Enter a place name in the Search Lcatin bx t search fr the place that yu want t use as the central pint. Click My Current Lcatin t set yur current physical lcatin as the central pint. Once the central pint is set n the Bing Maps, yu can view the crdinates fr this central pint in the Latitude and Lngitude fields. ii. Specify the Radius Distance fr the lcatin yu want t add. Enter an integer in the text bx and select the unit fr the drp-dwn list. The lcatin t be added 142

143 will cver the circle with this radius distance arund the central pint specified in the previus step. iii. Click Save t save the cnfiguratin r click Cancel t exit this pp-up windw withut saving the cnfiguratins. iv. Address Enter the real address f this lcatin yu are abut t create fr future reference. 5. Click Save t add the lcatin r click Cancel t exit the page fr adding a new lcatin withut saving the cnfiguratins. Once the lcatin is successfully added, yu can view the newly-created lcatin in the Manage Lcatins interface. Editing Lcatins T edit a previusly-added lcatin, cnfigure the fllwing settings: 1. Select the crrespnding checkbx in the LOCATION NAME list. 2. In the View Details page, click Edit n the ribbn. 3. Enter a name fr the lcatin yu are editing in the Lcatin Name textbx. 4. Lcatin Grup Select the grups frm the drp-dwn list t add this lcatin. 5. Create Methd Select a Create Methd fr the lcatin yu are editing. Manually Input Crdinates Select this ptin t cnfigure the required lcatin infrmatin by manually inputting the fllwing infrmatin: Address Enter the physical address f this lcatin fr future reference. Latitude Enter the latitude f the central pint f this lcatin. Lngitude Enter the lngitude f the central pint f this lcatin. Radius Distance Specify the Radius Distance fr the lcatin yu want t add. Enter an integer in the text bx and select the unit frm the drp-dwn list. The lcatin t be added will cver the circle with this radius distance arund the central pint specified abve. Pick up lcatin frm map Select this ptin t pick up the lcatin frm the Bing Maps. Click Open map and cmplete the fllwing settings t pick a lcatin in the Pick up lcatin frm map pp-up windw. i. Chse the central pint fr the lcatin yu are editing. Yu can d this in the fllwing three ways: Click n a desired pint n the Bing Maps t set a central pint. Enter a place name in the Search Lcatin bx t search fr the place that yu want t use as the central pint. 143

144 Click My Current Lcatin t set yur current physical lcatin as the central pint. Once the central pint is set n the Bing Maps, yu can view the crdinates fr this central pint in the Latitude and Lngitude fields. ii. Specify the Radius Distance fr the lcatin yu are editing. Enter an integer in the text bx and select the unit frm the drp-dwn list. The lcatin yu are editing will cver the circle with this radius distance arund the central pint specified in the previus step. iii. Click Save t save the changes t this lcatin r click Cancel t exit the pp-up windw fr editing a lcatin withut saving the changes. iv. Address Enter the real address f this lcatin yu are editing fr future reference. Click Save t save the changes t this lcatin r click Cancel t exit the page fr editing a lcatin withut saving the changes. Deleting Lcatins T delete a previusly-added lcatin, select the crrespnding checkbx fr the desired lcatin in the Manage Lcatins interface and then click Delete n the ribbn. Applying the Bing Maps Key If yu want t use Bing Maps t detect lcatin, a Bing Maps key is required. T request a Bing Maps Key, g t the Create a Bing Maps Key page. T authenticate AvePint Perimeter using Bing Maps Key, cmplete the fllwing steps: 1. Frm within the Perimeter Manager, navigate t Manage > Manage Lcatins. 2. Click Add t add a new lcatin. 3. In the Lcatin Settings sectin, select Pick up Lcatin frm map, and click Open map. The Pick up lcatin frm map windw appears. 4. Click Cnfigure Bing Maps Key n the ribbn. The Cnfigure the Bing Maps Key pp-up windw appears. 5. In the Cnfigure the Bing Maps Key pp-up windw, enter yur Bing Maps key int the text bx. 6. Click Save t save the cnfiguratin. 7. Refresh the page t have the Bing Maps key take effect. 144

145 Cnfiguring Cntent Access Plicies With lcatins cnfigured in Manage Lcatins and Manage Lcatin Grups, yu can start t cnfigure the Cntent Access Plicy fr SharePint On-Premises and Active Directry Federatin Services (ADFS) by using the SharePint Plicy and Federatin Plicy features. Cnfiguring a SharePint Plicy T access SharePint Plicy, navigate t the Manage menu and then click Cntent Access Plicy. In the SharePint Plicy interface, yu must first cnfigure the Cntent Access Plicy rules fr yur SharePint On-Premises farms at the zne level. Perimeter prvides fur Cntent Access Plicy features fr the zne level: 2-Factr Authenticatin, Cntent Access Cntrl, Cntent Access Lgging and Web Services Blcking. By default, the cnfiguratins at the zne level will be applied t all f the ndes under the zne. If the Cntent Access Cntrl feature is enabled fr a particular zne, yu can cntinue t cnfigure the Cntent Access Cntrl rules fr the site cllectins belw this zne individually. Cnfiguring SharePint Plicy Rules at Zne Level T cnfigure the Cntent Access Plicy rules at zne level, expand the scpe tree t the zne level, select the zne by clicking the crrespnding ptin buttn and then click Cnfigure t access the interface fr cnfiguring the Cntent Access Plicy features fr this zne. Yu can cnfigure the features fr this zne by cmpleting the fllwing steps: 1. Select the features yu want t cnfigure fr this zne by selecting the crrespnding checkbxes and then click Next t cnfigure the selected features. 2. Cnfigure the rules fr the features selected in the previus step. Refer t the sectin belw t cnfigure the fllwing fur features: Cnfigure settings fr 2-Factr Authenticatin 2-Factr Authenticatin is a security prcess by which users prvide tw means f identificatin t access the SharePint sites, ne f which is the rganizatin passwrd and the ther the access passwrd generated by the enrlled device. If yu activate this feature fr a zne withut cnfiguring any 2-factr authenticatin rules, all visitrs must authenticate t the sites within this zne using bth the rganizatin credentials and the access passwrds generated by the enrlled devices. The default timeut perid fr 2-Factr authenticatin t the sites within this zne is 60 minutes. Users will be required t reauthenticate the access passwrd t the site if there is n activity fr 60 minutes frm the last authenticatin time. If desired, yu can cnfigure yur desired time ut perid in the Cnfigure a Timeut Perid fr 2-Factr Authenticatin area f the 2-Factr Authenticatin interface. T allw specific users/grups t authenticate t this zne using any devices, yu can cnfigure rules t allw them t generate access passwrd via the brwser. T cnfigure 145

146 the rules, cmplete the fllwing steps in the Rule Settings fr 2-Factr Authenticatin sectin: i. Click Add a Rule t cnfigure a new rule. ii. User Enter the user/grup t receive the new rule. iii. Allw User s Brwer t Generate Access Passwrd Chse whether t allw the specified user/grup t generate an access passwrd using any brwser. *Nte: T track the lcatin f users/grups wh are allwed t generate access passwrd using brwsers, AvePint strngly recmmends that the users turn n their brwsers lcatin services t enable AvePint Perimeter t track their physical lcatin via the brwser. T enable lcatin services n Internet Explrer, ensure that the Never allw websites t request yur physical lcatin ptin in the Privacy tab f Internet Optins is unselected. T enable the lcatin service n Chrme, ensure the Ask me when a site tries t track my physical lcatin (recmmended) r Allw all sites t track my physical lcatin ptin is selected. iv. Descriptin Enter an ptinal descriptin fr this rule. v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If the user/grup wh is trying t access the SharePint sites meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. vi. Click Next t save the cnfiguratins and cntinue t cnfigure the next feature. Rules fr Cntent Access Cntrl Cntent Access Cntrl is used t cntrl SharePint access based n a user s username, access pint s, platfrm and device mdel, and lcatin infrmatin. If yu activate this feature fr a zne withut cnfiguring any Cntent Access Cntrl rules, access t this zne is allwed fr all users. Fllw the steps belw t cnfigure the Cntent Access Cntrl rules: i. Click Add a Rule t cnfigure a new rule. ii. Specify the Platfrm, Mdel, Lcatin type, Lcatin, and User f the access attempts t which this rule is applied. iii. Actin Chse the actin t cntrl access t the SharePint sites in this zne. Yu have the fllwing ptins: Allw Allw the access t the SharePint sites within this zne. Warning Prmpt a warning message befre the user lgin the SharePint sites within this zne. 146

147 Blck Blck the access t the SharePint sites within this zne. iv. Descriptin Enter an ptinal descriptin fr this rule. v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If the access attempt t the SharePint sites meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. vi. Click Next t save the cnfiguratins and cntinue t cnfigure the next feature. Rule Settings fr Cntent Access Lgging Use Cntent Access Lgging t chse whether r nt t lg users wh access the selected URLs. If yu activate this feature fr a zne withut cnfiguring any Cntent Access Lgging rules, all users wh access sites within this zne are lgged. Fllw the steps belw t cnfigure the rules: i. Click Add a Rule t cnfigure a new rule. ii. Enter the criterin fr the URLs t which this rule is applied by filling in the Cnditin and Value fields. iii. Actin Chse whether r nt t lg users wh access the ULRs that meet the criterin cnfigured in the previus step. iv. Descriptin Enter an ptinal descriptin fr this rule. v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If a URL meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. vi. Click Next t save the cnfiguratins and cntinue t cnfigure the next feature. Rule Settings fr Web Services Blcking Use Blck Web Services t blck the user clients frm accessing SharePint Web Services. If yu activate this feature fr a zne withut cnfiguring any rules, all access t SharePint Web Services is blcked. Yu can cnfigure rules t allw user clients access t SharePint Web Services. Fllw the steps belw t cnfigure the rules: i. Click Add a Rule t cnfigure a new rule. ii. Enter the criterin fr the user clients User Agent t which this rule is applied by filling in the Cnditin and Value fields. iii. Actin Chse t blck r allw the user clients access. iv. Descriptin Enter an ptinal descriptin fr this rule. 147

148 v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If a user client meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. 3. Click Finish t save the cnfiguratins and g back t the SharePint Plicy interface, click Back t change any f the previus cnfiguratins, r click Cancel t abandn all cnfiguratins and exit the interface fr cnfiguring the Cntent Access Plicy features. Cnfiguring Cntent Access Cntrl Rules at Site Cllectin Level After the Cntent Access Cntrl feature is cnfigured fr a Web applicatin zne, the cnfiguratins at the zne level will be applied t all f the ndes under the zne. Yu can cntinue t cnfigure the Cntent Access Cntrl rules fr individual site cllectins in the zne. When creating rules, be aware that the rder the rules are in dictates the rule pririty. Prir t cnfiguring Cntent Access Cntrl rules fr a site cllectin, yu must ensure the Cntent Access Cntrl feature has been cnfigured fr the zne where this site cllectin resides. T cnfigure Cntent Access Cntrl rules fr a site cllectin, expand the scpe tree t the site cllectin nde, click Cntent Access Cntrl in the Feature pane t enter the Rules fr Cntent Access Cntrl interface, and then cmplete the fllwing steps t cnfigure the rules fr this feature: 1. Click Add a Rule t cnfigure a new rule. 2. Specify the Platfrm, Mdel, Lcatin Type, Lcatin, and User f the access attempts t which this rule is applied. 3. Actin Chse the actin fr access t this site cllectin. Yu have the fllwing ptins: Allw Allw the access t this site cllectin. Warning Prmpt a warning message befre the user lgs int this site cllectin. Blck Blck the access t this site cllectin. 4. Descriptin Enter an ptinal descriptin fr this rule. 5. After cnfiguring a rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If the access attempt t the SharePint sites meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. Click Save t save the cnfiguratins and g back t the SharePint Plicy interface, r click Cancel t abandn the cnfiguratins and exit this interface. 148

149 Cnfiguring 2-Factr Authenticatin fr the SharePint Objects Allwing Annymus Authenticatin If a SharePint bject allws annymus access, the 2-Factr Authenticatin feature (by default) des nt take effect n users wh annymusly access this bject. Yu can enable the 2-Factr Authenticatin feature fr thse bjects that allw annymus access at the Web applicatin zne/site cllectin/site/list/item level by making sme additinal cnfiguratins. T make the 2-Factr Authenticatin feature wrk prperly fr thse bjects yu must first enable the 2-Factr Authenticatin feature fr the Web applicatin zne where the bjects reside, and then cnfigure the SharePint zne s Web.cnfig file by cmpleting the fllwing steps: 1. With the 2-Factr Authenticatin feature enabled fr the Web applicatin zne where the bjects reside, navigate t the physical path f the zne s IIS website and pen the Web.cnfig file with Ntepad. 2. Lcate the <twfactrauthenticatin> nde. 3. Add the URLs f the bjects int the value fr annymussites as shwn in the screensht belw: Figure 7: Cnfiguring the <twfactrauthenticatin> nde in the Web.cnfig file. *Nte: Yu can add multiple URLs in the nde by separating them with a semicln. Save the mdificatin and clse the file. The 2-Factr Authenticatin will nw wrk prperly n these bjects. The visitrs must prvide the access passwrd in the Authenticatin page t authenticate the bjects. Viewing and Managing Agent Status fr Cntent Access Plicy Features If yu have cnfigured a Cntent Access Plicy feature fr a Web applicatin zne, this feature will be enabled n each AvePint Perimeter Agent fr this zne. Yu can view the Agent Status fr each Cntent Access Plicy feature n the zne s AvePint Perimeter Agents. T view and manage the Agent status fr Cntent Access Plicy features n a zne, cmplete the fllwing steps: 1. Select the desired zne n the scpe tree by clicking the crrespnding checkbx and hver the cursr ver Agent Status n the ribbn t lad the drp-dwn list fr the fur features. 2. Click n the feature name fr which the Agent status yu want t view and manage. Then yu will be brught t the Agent Status interface. 149

150 3. In the Agent Status interface, yu can view the Agent Name f each Agent fr the selected zne and the status f the selected feature n this Agent. 4. Yu can manage the Agent status with the fllwing ptins: Deactivate If the status fr a feature is Active n an Agent, yu can deactivate this feature by clicking Deactivate n the ribbn. The status becmes Inactive, and this feature n the Agent is deactivated. Activate If the status fr a feature is Inactive n an Agent, yu can activate this feature by clicking Activate n the ribbn. The status becmes Active. Cnfiguring the Federatin Plicy The Federatin Plicy prvides 2-Factr Authenticatin and Authenticatin Cntrl fr yur Active Directry Federatin Services (ADFS) authenticatin prcess. T access Federatin Plicy, fllw the steps belw: 1. Navigate t the Manage menu and then click Federatin Plicy. In the Federatin Plicy interface, yu can cnfigure 2-Factr Authenticatin and Authenticatin Cntrl rules fr yur ADFS servers at the relying party level. 2. T cnfigure the Federatin Plicy fr a relying party, cmplete the fllwing steps: 3. Expand the scpe tree t the relying party level and select the desired relying party by selecting the crrespnding ptin buttn. 4. Click Cnfigure n the ribbn. 5. In the Enable Federatin Plicy sectin, select whether t enable the Federatin Plicy features fr this relying party. When yu select Enable, the 2-Factr Authenticatin and Authenticatin Cntrl features are enabled fr this relying party. Rules Settings fr Rules fr 2-Factr Authenticatin If yu activate this feature fr a relying party withut cnfiguring any 2-factr authenticatin rules, all visitrs must prvide bth the rganizatin credentials and the access passwrds generated by the enrlled devices during the authenticatin prcess fr this replying party. T allw users/grups t authenticate t this relying party using any devices, yu can cnfigure rules t allw them t generate access passwrd via a brwser. T cnfigure the rules, cmplete the fllwing steps: i. Click Add a Rule t cnfigure a new rule. ii. Enter the Claim Name and Claim Value cnfigured in this relying party's Issuance Transfrm Rules n the ADFS server t filter the users r grups wh are allwed t r restricted frm generate access passwrd via using brwsers via any device. *Nte: Wildcards? and * are supprted in the Claim Value text bx.? stands fr any single character, and *stands fr the character string f any length. If the 150

151 desired claim value cntains?,*, r /, add an escape character / befre the?,*,r /. iii. Allw User s Brwer t Generate Access Passwrd Chse whether t allw the specified user/grup t generate an access passwrd using any registered device s brwser. *Nte: T track the physical lcatin f users/grups wh are allwed t generate access passwrd using brwsers, users must turn n their brwser lcatin services. iv. Descriptin Enter an ptinal descriptin fr this rule. v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If a user wh is trying t access this relying party meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. Rule Settings fr Authenticatin Cntrl This feature prvides additinal authenticatin cntrl after the 2-Factr Authenticatin prcess fr this relying party based n the access pint s platfrm, device mdel and lcatin, and the used accunt s claim name and claim value f the access attempt. If yu activate this feature fr the relying party withut cnfiguring any Authenticatin Cntrl rules, all access attempts that pass the 2-factr authenticatin t this relying party will be allwed. Yu can cnfigure rules t cntrl access t this relying party by blcking r allwing particular access attempts based n the criteria. Fllw the steps belw t cnfigure the Authenticatin Cntrl rules: i. Click Add a Rule t cnfigure a new rule. ii. Specify the Platfrm, Mdel, Lcatin Type, Lcatin, Claim Name, and Claim Value f the access attempts t which this rule is applied. iii. Actin Chse t Allw r Blck access attempts by this relying party. iv. Descriptin Enter an ptinal descriptin fr this rule. v. After cnfiguring ne rule, click Add a Rule t add anther rule, r click the Delete buttn t delete the rule. *Nte: If 2 r mre rules are cnfigured, cnfigure the Pririty f these rules. If a user wh is trying t access this relying party meets the criteria in multiple rules, Perimeter will nly apply the rule with the highest pririty. 6. Click Save t save the cnfiguratins and g back t the Federatin Plicy interface. 151

152 Managing Internal Users Internal users are cnsidered Active Directry end-users wh belng t the same Active Directry dmain with the SharePint farms where the Perimeter management system is deplyed. In Manage Internal Users, yu can view the detailed infrmatin f all f the registered internal users in this Perimeter management system, synchrnize the Active Directry users int the management system and send an enrllment request t a particular user. T access Manager Internal Users, navigate t the Manage menu, and then click Manage Internal Users. In Manage Internal Users, yu can view a list f the user infrmatin cllected when the internal end-users enrll their mbile devices, access the SharePint sites managed by the Cntent Access Plicy features, use the AvePint Perimeter Pr Secured Share feature t share files, flders, and libraries with thers frm SharePint sites, and when the administratrs cnfigure the Active Directry users as criteria fr Cntent Access Plicy rules. The user infrmatin in the Manage Internal Users interface includes the username, address, the number f enrlled devices, the last time when this user shared SharePint bjects thrugh the AvePint Perimeter Secured Share feature, lcatin name, and the crdinates f the user s last lcatin. Viewing User Details T view the detailed infrmatin f a particular user, click the desired username in the Manage Users interface t enter the User Details page. In the Basic Infrmatin tab, yu can view the user s general infrmatin in the Active Directry and the latest lcatin infrmatin f the enrlled device r brwser used t access SharePint sites managed by this management system. In the Lcatin Histry tab, yu can view the lcatin data f all f the enrlled devices r brwsers used by this user t access SharePint sites managed by this management system. In the Mange Users interface, yu can als perfrm the fllwing peratins: View device details f a specified user T view the detail infrmatin f the enrlled devices belnging t a particular user, click the link in the Enrlled Devices clumn t enter the Manage Enrlled Devices interface. The enrlled devices belnging t the user are listed. View and manage the enrlled devices by referring t Managing Enrlled Devices. Send enrllment request t a specified user T send an enrllment request t a selected user in the list, select the desired user by clicking the crrespnding checkbx and then click Enrll New Device n the ribbn. Alternatively, yu can click the pen menu buttn next t the username and click Enrll in the menu. Then yu will be brught t the Enrll New Device interface t cnfigure a new enrllment request send t this user. Refer t Sending an Individual Device Enrllment Request fr mre infrmatin. 152

153 Synchrnizing Active Directry Users T synchrnize Active Directry users int AvePint Perimeter management system, click Synchrnize AD users n the ribbn t enter the Synchrnize Active Directry Users interface and cmplete the fllwing steps: 1. Dmain Cntrller Address Enter the address f the dmain cntrller f the LDAP directry frm where yu want t synchrnize the Active Directry users. 2. Username Enter the username f the Active Directry accunt yu want t use t synchrnize the Active Directry users. Make sure that the accunt specified here have read permissin in yur crprate directry. The Perimeter Agent will use this accunt when authenticating t the cperate directry. 3. Passwrd Enter the passwrd fr the accunt specified abve. 4. Dmain Scpe Chse the dmain scpe frm which the Active Directry user will be synchrnized int AvePint Perimeter management system. Imprt users frm all dmains in the same frest and the trusted dmains Select this ptin t imprt the Active Directry users frm all dmains in the same frest and the trusted dmains Cnfigure the search rts list myself Select this ptin t cnfigure which users will be synchrnized using the LDAP Distinguished Names (DN). 5. Schedule Settings In the Schedule Settings sectin, chse ne f the fllwing ptins: Synchrnize immediately With this ptin selected, the synchrnizatin jb will be initiated immediately when yu click Save. Cnfigure a schedule With this ptin selected, yu can cnfigure the schedule fr synchrnizing the Active Directry users as fllws: Schedule Type Select the interval at which the synchrnizatin jb runs: By hur, By day, By week, r By mnth. Interval Set up the frequency fr the schedule by entering an integer in the text bx. Start Time Specify the time f the day when Perimeter starts t synchrnize the Active Directry users. If yu select By mnth, cnfigure the Specify the start time by day f the week and Specify the start time by date fields. Fr mre infrmatin, see the Cnfiguring Advanced Start Time Settings sectin. 6. Click Save t save the cnfiguratins and g back t the Manage Users interface. Click Cancel t abandn the cnfiguratins and exit the Synchrnize Active Directry Users interface. Managing External Users External users are end-users wh are utside yur rganizatin s Active Directry dmain. Perimeter administratr can add external users thrugh Perimeter Management Cnsle, r external users can 153

154 manually register t the Perimeter management system by registering t the AvePint Perimeter External Prtal r enrlling their mbile devices. In Manage External Users, yu can view the infrmatin Perimeter cllects when the external users register t the AvePint Perimeter External Prtal, enrll their mbile devices t this AvePint Perimeter management system, and use the Perimeter apps n their mbile devices. T access Manage External Users, navigate t the Manage menu, and then click Manage External Users. In Manage External Users, yu can view a list f the external users wh have been added r have registered t the AvePint Perimeter External Prtal r enrlled their mbile devices int the AvePint Perimeter management system. The user infrmatin in the Manage External Users interface includes the username, address, number f enrlled devices f each user, the infrmatin f the user s last lcatin cllected by the Perimeter mbile apps, and the user s status. Adding External Users In the Manage External Users interface f AvePint Perimeter Manager, yu can manually add an external user individually r add external users in bulk by imprting a CSV file that cntains all f the external users. T access the interface t manage external users, navigate t Manage > Users/Accunts > Manage External Users. Refer t the instructins belw fr adding an external user individually r adding external users in bulk. Adding an External User Individually Cmplete the steps belw t add an individual external user. 1. In the Manage External Users interface, click Add n the ribbn and then select Add User frm the drp-dwn list. The Add interface appears. 2. Basic Infrmatin Enter the username, address, and the first name and last name f the external user that yu want t add. All f the Basic Infrmatin fields are mandatry fields. 3. Cntact Infrmatin The settings in this sectin are ptinal. Yu can enter the Phne Number, Cuntry/Regin, Organizatin, City, and Pstal Cde fr this external user. 4. Custm Prperties Infrmatin Enter the custm prperty infrmatin fr this external user as needed. 5. Click Save t save this external user, r click Cancel t exit this interface. Adding External Users in Bulk Cmplete the steps belw t add external users in bulk via a predefined CSV file. 1. In the Manage External Users interface, click Add n the ribbn and then select Bulk Add frm the drp-dwn list. The Bulk Add interface appears. 2. In the Step 1 field, click Dwnlad the template link t dwnlad a template file fr adding external users in bulk. 154

155 3. The Save As windw appears. Brwse a lcatin t stre the template file. Click Save. 4. Open the template file using Excel. There are fur mandatry clumns: UserName Enter the User ID f the external user that yu want t add. Address Enter the external user s address next t the User ID. When entering the address, fllw the address frmat: username@dmain.cm. FirstName Enter user s first name. LastName Enter user s last name. 5. Enter the username, address, first name, last name, and the ther ptinal user infrmatin int the template file. 6. Save the CSV file. 7. In the Step 2 field, click the Brwse buttn. Select the cnfigured CSV file that cntains all f the external users that yu want t add in bulk. Click Open. 8. Click Apply n the ribbn t imprt the external users int AvePint Perimeter Manager. After the imprt is cmplete, the Manage External Users interface will display fr yu t view the external users. The Status f the newly added external users will be Pending Registratin befre they sign up t the Perimeter External Prtal. Viewing User Details T view the detailed infrmatin f an external user, click the desired username in the Manage External Users interface t enter the User Details page. In the Basic Infrmatin tab, yu can view the user s general infrmatin cnfigured when the user registered t the AvePint Perimeter External Prtal and the latest lcatin infrmatin f the enrlled device. In the Lcatin Histry tab, yu can view the lcatin data cllected by the Perimeter mbile apps n the user s enrlled devices. T view the detailed infrmatin f the enrlled devices belnging t an external user, click the link in the Enrlled Devices clumn t enter the Manage Enrlled Devices interface. The enrlled devices belnging t the external user are listed. View and manage the enrlled devices by referring t Managing Enrlled Devices. Editing an External User Prfile T edit the prfile f a specific external user, cmplete the fllwing steps: 1. Select the desired user by selecting the checkbx next t the username and clicking Edit Prfile n the ribbn t access the Edit Prfile page f the selected user. 2. In the Edit Prfile page, yu can edit the fllwing infrmatin f the user: 155

156 Basic Infrmatin Edit the First Name and Last Name f the selected user. Cntact Infrmatin Edit the phne number, address infrmatin, and pstal cde f the selected user. Custm Prperties Infrmatin Edit the custm prperties f the selected user cnfigured in the SecureShareCnfig.xml file in the bin\cnfig flder under the installatin path f the AvePint Perimeter Manager. 3. When yu finish editing the prfile f the selected user, click Save t save the mdificatins and return t the Manager External Users interface. Click Cancel t exit this page withut saving the mdificatins. Managing the Status f External Users T manage the status f an external user, yu can perfrm the fllwing actins: Disabling an External User When the STATUS f an external user is Active, the Disable ptin is available n the ribbn. A disabled user cannt lg int the AvePint Perimeter External Prtal r run the Perimeter app n an enrlled mbile device. T disable an external user, fllw the steps belw: 1. Select the desired external user by selecting the checkbx next t the crrespnding USERNAME. 2. Click Disable n the ribbn. 3. Once the Disable actin is cmpleted, the STATUS f the user becmes Disabled. Enabling an External User T allw a Disabled external user t lg int the AvePint Perimeter External Prtal and use the Perimeter mbile app n an enrlled device, yu need t enable the user. T enable an external user, cmplete the fllwing steps: 1. Select the desired external user by selecting the checkbx next t the crrespnding USERNAME. 2. Click Enable n the ribbn. Once the Enable actin is cmpleted, the STATUS f the user becmes Active. Deleting an External User T delete an external user frm the AvePint Perimeter management system, select the crrespnding checkbx f the user yu want t delete and click Delete n the ribbn. 156

157 Resending Activatin s Using the Resend Activatin feature, yu can resend an AvePint Perimeter External Prtal - Accunt Activatin t a user wh requests a new activatin fr activating AvePint Perimeter External Prtal accunt. A user might need a new activatin in either f the fllwing situatins: After submitting the Accunt Registratin infrmatin fr AvePint Perimeter External Prtal, the user des nt receive an AvePint Perimeter External Prtal - Accunt Activatin . The user received the AvePint Perimeter External Prtal - Accunt Activatin , but the activatin URL in the received expires. T resend the AvePint Perimeter External Prtal - Accunt Activatin t particular users, cmplete the fllwing steps: 1. Select the crrespnding checkbxes f the desired users. 2. Click Resend Activatin . A cnfirmatin windw appears. 3. Click OK t resend the activatin s t the selected users. Activating an External User If an external user has signed up t the Perimeter External Prtal but this user has nt yet activated the accunt, the Perimeter administratr can activate the user accunt thrugh the Management Cnsle as well as resend the activatin t the external user. T activate the external user accunts that have been signed up in the Perimeter External Prtal but are pending activatin, cmplete the steps belw: 1. Select an external user accunt that is in the Pending status. 2. Click Activate n the ribbn. A cnfirmatin windw appears. 3. Click OK t activate the user accunt. The external user will nt receive ntificatin f the accunt activatin thrugh the Perimeter Management Cnsle. Managing Lgin Accunts In the Manage Lgin Accunts interface, yu can view infrmatin n each accunt that lgs int sites that are cntrlled by this Perimeter management system. An end-user f AvePint Perimeter may use different lgin names t lg int sites with different authenticatin methds, such as Windws Authenticatin and Claims Bases Authenticatin. Yu can assign this end-user multiple lgin accunts. T access Manage Lgin Accunt, navigate t the Manage menu, and then click Manage Lgin Accunts. In the Manage Lgin Accunts interface, yu can view a list f accunt infrmatin cllected 157

158 when they lgin the sites cntrlled by this management system. The accunt infrmatin in this interface includes this accunt s Lgin Name, the accessed site s Applicatin Type and Applicatin URL, the access pint s Last Lcatin, Last Regin, and Last District, and the User that is assigned t the accunt. Viewing Lgin Accunt Details T view the detailed infrmatin f a lgin accunt, click the desired LOGIN NAME in the Manage Lgin Accunts interface t enter the Lgin Accunt Details page. In the Basic Infrmatin tab, yu can view the fllwing infrmatin n the accunt: General Infrmatin Displays this accunt s general infrmatin in the Active Directry. Lcatin Infrmatin Displays the latest lcatin infrmatin f the enrlled device r brwser used t access the sites managed by this management system. Accunt Claims Infrmatin Displays this accunt s Claims infrmatin used fr Claims Based Authenticatin. *Nte: This sectin is available when the accunt is used t authenticate t a Claims Bases Authenticatin site. In the Lcatin Histry tab, yu can view the lcatin data f all f the enrlled devices r brwsers used by this user t access the sites managed by this management system. Assigning a User fr Lgin Accunts T assign a user fr a particular lgin accunt, click Assign User n the ribbn t access the Assign User fr Lgin Accunt page and then cmplete the fllwing steps: 1. In the Select a User search bx, enter the keywrd f the username f the desired end-user yu want t assign fr the selected lgin accunts. 2. Select the desired user by clicking the matched results in the drp-dwn list. 3. Click Save n the ribbn t assign the selected user fr this lgin accunt and g back t the Manage Lgin Accunts interface, r click Cancel t exit this page withut assigning the selected user. Sharing Files with Grups f Users via Virtual Views T share a set f SharePint files based n predefined criteria with a grup f users in bulk, create user access grups cntaining bth internal users and external users in Manage User Access Grups, create virtual views f SharePint files, and then assign permissins t the user access grups in Virtual Views. 158

159 Managing User Access Grups In Manage User Access Grups, yu can create and manage user access grups based n predefined parameters. User access grups can be dynamic r static, and are primarily used t assign shared permissins t the SharePint files in virtual views. T access Manage User Access Grups, navigate t the Manage menu and click Manage User Access Grups t enter the Manage User Access Grups interface. Add New User Access Grups T add a new user access grup, cmplete the fllwing steps: 1. Click Add n the ribbn t enter the New User Access Grup interface. 2. In the Basic Infrmatin sectin, enter the user access grup name, an ptinal descriptin, and the type fr the user access grup t be created. User Access Name Enter a name fr the user access grup t be created. Descriptin Enter an ptinal Descriptin fr the grup fr future reference. Type Select the type f the user access grup t be created. Dynamic If yu select this ptin, Perimeter will autmatically add the new users that meet the rules cnfigured belw after the user access grup is created. Static If yu select this ptin, Perimeter will nt autmatically check fr new users after the user access grup is created. The users in this grup will nt be added autmatically. 3. In the Rule Settings sectin, cnfigure the rules fr adding users int the user access grup. After cnfiguring a rule, click Add a Rule t add anther rule, r click Remve fllwing each rule t delete the rule. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgic chices: And and Or. The default lgic is And. And Users that meet all f the rules will be added int the user access grup. Or Users that meet any ne f the rules will be added int the user access grup. *Nte: Yu must ensure that each internal user yu add int this user access grup has an e- mail address cnfigured in the Active Directry Dmain Cntrller. Otherwise, the internal users will nt receive ntificatins fr shared virtual views that are shared with this user access grup. 4. Click Preview Filter Results t preview the users that meet the cnfigured rules. 5. Click Save t save the cnfiguratins and add the user access grup, r click Cancel t exit this interface withut adding the user access grup. 159

160 Editing User Access Grups T edit a previusly created user access grup, cmplete the fllwing steps: Select the crrespnding checkbx next t the desired user access grup and click Edit n the ribbn t access the Edit User Access Grup page. 2. In the Basic Infrmatin sectin, enter the user access grup name, an ptinal descriptin, and the type fr the user access grup yu are editing. User Access Name Enter a name fr the user access grup yu are editing. Descriptin Enter an ptinal Descriptin fr the grup fr future reference. Type Select the type f the user access grup yu are editing. Dynamic If yu select this ptin, Perimeter will autmatically add the new users that meet the rules cnfigured belw after the user access grup is created. Static If yu select this ptin, Perimeter will nt check fr the new users that meet the rules cnfigured belw after the user access grup is created. The users in this grup will nt be added autmatically. 3. In the Rule Settings sectin, cnfigure the rules fr adding users int the user access grup. After cnfiguring ne rule, click Add a Rule t add anther rule, r click Remve fllwing each rule t delete the rule. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgics chices: And and Or. The default lgic is And. And Users that meet all f the rules will be added int the device grup. Or Users that meet any ne f the rules will be added int the device grup. *Nte: Yu must ensure that each internal user yu add int this user access grup has an e- mail address cnfigured in the Active Directry Dmain Cntrller. Otherwise, the internal users will nt receive ntificatins fr shared virtual views that are shared with this user access grup. 4. Click Preview Filter Results t preview the users that meet the cnfigured rules. 5. Click Save t save the cnfiguratins t the user access grup, r click Cancel t exit this interface withut editing the user access grup. Deleting User Access Grups T delete a previusly created user access grup, select the crrespnding checkbx and click Delete n the ribbn. Alternatively, yu can click the pen menu buttn next t the USER ACCESS GROUP NAME and then click Delete in the menu. Then the user access grup is deleted frm AvePint Perimeter management system.

161 Viewing Users f a User Access Grup T view the users included in a user access grup in the Manage User Access Grups interface, click the pen menu ( ) buttn f the desired user access grup, and then click View All Users in the menu. A pp-up windw appears, and all f the users included in this grup are displayed in the windw. Cnfiguring Virtual Views fr Sharing Files in Bulk T share a set f SharePint files with the users in the previus created user access grups, yu must add the desired SharePint files int virtual views and then share the virtual views with the user access grups by assigning permissins fr the virtual views t the user access grups. Adding Virtual Views T add a new virtual view in Virtual Views, navigate t the Manage menu, and then click Virtual Views t enter the Virtual Views interface. Click Add n the ribbn, and then cnfigure the fllwing settings: 1. In the Basic Infrmatin sectin, cnfigure the fllwing infrmatin f the virtual view yu want t create. Virtual View Display Name Enter the name f the virtual view yu want t create. Site URL Enter the URL f the site where the files yu want t add int the virtual view. *Nte: Yu must ensure the SharePint Search Service crawling is started fr the entered site. Authenticatin Methd Select the authenticatin methd used by the SharePint zne where this entered site resides. Windws Authenticatin, Frms-Based Authenticatin, and Trusted Identity Prvider are available fr the Authenticatin Methd. Username and Passwrd Enter the credentials f the SharePint user used t retrieve the metadata prperties f the all f the files within the entered site abve. Yu must ensure the entered user has at least Read permissin t the site. 2. Click Validatin Test t verify whether the entered infrmatin abve is valid. 3. In the Virtual View Settings sectin, cmplete the fllwing steps t create flders in this virtual view and add SharePint files int the flders based n metadata rules. a. Click New Flder t add a new flder in the Flder Name clumn. b. Enter the name f the new flder, and press Enter t save the name. c. Refer t Creating r Editing Metadata Rules fr Flders in Virtual View Settings t cnfigure the metadata rules fr adding files int this flder. d. If desired, repeat steps a t c t add mre flders int the virtual view. 161

162 4. Click Save t save the cnfiguratins and add the virtual view int AvePint Perimeter management system, r click Cancel t exit and g back t the Virtual Views interface withut adding the virtual view. Editing Virtual Views T edit a previusly created virtual view in Virtual Views, select the crrespnding checkbx and click Edit n the ribbn, r click the pen menu buttn next t the VIRTUAL VIEW DISPLAY NAME and then click Edit in the menu. Yu can edit the fllwing cnfiguratins: 1. In the Basic Infrmatin sectin, cnfigure the fllwing infrmatin f the virtual view yu are editing. Virtual View Display Name Enter the name f the virtual view yu are editing. Site URL Enter the URL f the site where the files yu want t add int this virtual view. *Nte: Yu must ensure the SharePint Search Service crawling is started fr the entered site. Authenticatin Methd Select the authenticatin methd used by the SharePint zne where this entered site resides. Windws Authenticatin, Frms-Based Authenticatin, and Trusted Identity Prvider are available fr the Authenticatin Methd. Username and Passwrd Enter the credentials f the SharePint user used t retrieve the metadata prperties f the all f the files within the entered site abve. Yu must ensure the entered user has at least Read permissin t the site. 2. Click Validatin Test t verify whether the entered infrmatin abve is valid. 3. In the Virtual View Settings sectin, yu can add new flders r edit the existing flders fr this virtual view. T create a new flder in this virtual view, cmplete the fllwing steps: i. Click New Flder t add a new flder in the Flder Name clumn. ii. Enter the name f the new flder, and press Enter t save the name. iii. Refer t Creating r Editing Metadata Rules fr Flders in Virtual View Settings t cnfigure the metadata rules fr adding files int this flder. T rename a flder, select the checkbx next t the desired flder in the Flder Name clumn, click Rename, and enter the new flder name in the text bx in the Flder Name clumn. T delete a flder, select the checkbx next t the flder, and click Delete. T mdify the rule settings fr a flder, refer t Creating r Editing Metadata Rules fr Flders in Virtual View Settings. 162

163 4. Click Save t save the cnfiguratins t the virtual view, r click Cancel t exit and g back t the Virtual Views interface withut saving the mdificatins f the virtual view. Creating r Editing Metadata Rules fr Flders in Virtual View Settings T create r edit metadata rules fr a specific flder in a virtual view, select the desired flder in the Flder Name clumn and click Cnfigure n the ribbn. The Cnfigure Metadata Rules windw appears. Cmplete the fllwing steps t create r edit the rules fr the selected flder: 1. In the Cnfigure Metadata Rules windw, cnfigure the rules fr adding files int the flder. a. Click Add a Rule t add a rule by cmpleting the fields belw, r click Remve t delete the rule. Level Select the file prperty which the rule is cnfigured fr frm the drpdwn list. Cnditin Select the cnditin fr the rule. Rule and Value Designate the value used t filter the file prperty selected in the Level field. If yu select Value, enter the value used t filter the file prperty in the Value textbx. If yu select User, select the user prperty yu want t use t filter file prperty in the Value drp-dwn list. The value f the selected user prperty is based n the user wh is accessing this virtual view via AvePint Perimeter External Prtal r AvePint Perimeter mbile app. In this way, the filter results f this rule are based n the user wh is accessing this virtual view. b. T add mre rules, repeat the previus step. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgic chices: And and Or. The default lgic is And. And Files that meet all f the rules will be added int the flder. Or Files that meet any ne f the rules will be added int the flder. 2. Click Preview Filter Results t preview the files that meet the cnfigured rules. If yu select Value in the Rule drp-dwn list in all f the rules, the Preview Filter Results windw appears. The files that meet the cnfigured rules are displayed in the windw. If yu select User in the in the Rule drp-dwn list in ne r mre rules, the Select a User windw appears. Select a user whse prperty values will be used as the values fr previewing the filter results f the crrespnding rules. i. Enter the keywrd f the desired username in the User search bx. 163

164 ii. Select the desired user in the drp-dwn list. iii. Click OK t save the cnfiguratin and access the Preview Filter Results windw. 3. Clse the Preview Filter Results windw and return t the Cnfigure Metadata Rules windw. 4. Click Save t save the rules fr the flder and return t the Add Virtual View/Edit Virtual View interface. After the rules are successfully saved fr a specific flder, the Rules clumn displays the number f rules cnfigured fr the flder. *Nte: By default, the Virtual Views feature trims the duplicated files recgnized by SharePint Search API in the search results f the cnfigured metadata rules. T include the duplicated files in the search results, cmplete the fllwing settings: 1. G t the \bin\cnfig flder under the Manager installatin path. The default Manager installatin path is C:\Prgram Files\AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Set the value f the trimspsearchduplicate attribute t false. The default value f the trimspsearchduplicate attribute is true 4. Save the change and clse the file. Sharing Virtual Views with User Access Grups After creating virtual views, yu can navigate t the Manage Permissins interface t share the virtual views t the previusly created user access grups by assigning permissins fr the virtual views t the user access grups. T access the Manage Permissins interface, select the crrespnding checkbx f the desired virtual view in the Virtual Views interface and then click Manage Permissins n the ribbn. The Manage Permissins interface appears. Sharing Virtual Views with User Access Grups via Assigning Permissins In the Manage Permissins interface, t share the selected virtual view t a previusly created user access grup, click Assign Permissins n the ribbn. In the Assign Permissins interface, cnfigure the fllwing settings: 1. In the User Access Grup Name sectin, select the user access grup with which yu want t share the virtual view frm the drp-dwn list. 2. In the Ntificatin Settings sectin, select ntificatin settings fr the sharing f the virtual view. T send ntificatins t the users included in the selected user access grup, select the Send ntificatins t users in the user access grup checkbx. 164

165 T send ntificatins with a custm message t the users included in the selected user access grup, select the Send ntificatins t users in the user access grup checkbx and enter the custm message in the text bx belw. 3. In the Permissin Settings sectin, chse the Permissin Level fr the user access grup s permissins t the cpies f the files included in the shared virtual view stred in the previusly cnfigured Shared File Lcatin. Fr detailed instructins n selecting the permissin level, refer t Secured Share Permissin Levels. The users in the access grup assigned with Edit permissin level can edit the cpies f the files and the mdificatins will be synchrnized back t the riginal file in the SharePint site. 4. In the Permissin Expiratin Time sectin, specify when this sharing f the virtual view will expire. Enter an expiratin date in the Expiratin Time text bx r select the expiratin date frm the calendar. 5. In the Assign permissin t anther user access grup sectin, select whether t cntinue t assign permissin t anther user access grup after saving the cnfiguratins here. If yu select this ptin, and click Save t save the cnfiguratins and assign permissin t the selected user access grup. After the permissin is successfully assigned, yu can stay n the Assign Permissins page t assign permissin t anther user access grup. If yu d nt select this ptin, and click Save t save the cnfiguratins and assign permissin t the selected user access grup. After the permissin is successfully assigned, yu will exit this page and g back t the Manage Permissins page. If yu dn t want t assign the permissin t the selected user access grup, click Cancel t exit this page withut assigning the permissins. Editing a User Access Grup s Permissins fr a Virtual View T edit the previusly assigned permissins fr a specific virtual view, select the crrespnding checkbx in the Manage Permissins interface, and click Edit n the ribbn. In the Assign Permissins interface, cnfigure the fllwing settings: 1. In the Ntificatin Settings sectin, select ntificatin settings fr the sharing f the virtual view. T send ntificatins t the users included in the selected user access grup, select the Send ntificatins t users in the user access grup checkbx. T send ntificatins with a custm message t the users included in the selected user access grup, select the Send ntificatins t users in the user access grup checkbx and enter the custm message in the text bx belw. 2. In the Permissin Settings sectin, chse the Permissin Level fr the user access grup s permissins t the cpies f the files included in the shared virtual view stred in the previusly cnfigured Shared File Lcatin. Fr detailed instructins n selecting the permissin level, refer t Secured Share Permissin Levels. 165

166 3. In the Permissin Expiratin Time sectin, specify when this sharing f the virtual view will expire. Enter an expiratin date in the Expiratin Time text bx r select the expiratin date frm the calendar. 4. In the Assign permissin t anther user access grup sectin, Select whether t cntinue t assign permissin t anther user access grup after saving the changes. If yu select this ptin, and click Save t save the changes and assign permissin t the selected user access grup. After the permissin is successfully updated, yu can stay n the Assign Permissins page t assign permissin t anther user access grup. If yu d nt select this ptin, and click Save t save the changes and assign permissin t the selected user access grup. After the permissin is successfully updated, yu will exit this page and g back t the Manage Permissins page. If yu dn t want t save the changes t the selected permissins, click Cancel t exit this page withut saving the changes. Remving User Access Grups Permissins fr Virtual Views T remve user access grups permissins fr a particular virtual view in the Manage Permissins interface, select the crrespnding checkbxes next t the USER ACCESS GROUP NAME clumn and click Delete n the ribbn. Alternatively, yu can click the pen menu buttn next t the USER ACCESS GROUP NAME and then click Delete in the menu. Once the user access grups permissins fr the selected virtual view have been deleted, the users in the user access grups cannt access the files in the virtual view via the AvePint Perimeter External Prtal r the Perimeter apps n mbile apps. Managing Shared Files In Manage Shared Files, yu can view and manage all f the SharePint bjects (including files, flders, and libraries) shared thrugh the AvePint Perimeter Secured Share feature and view the usage details f each shared file. T access Manage Shared Files, navigate t the Manage menu and click Manage Shared Files t enter the Manage Shared Files interface. In the Managed Shared Files interface, yu can view all f the sharing events within the SharePint farms where the AvePint Perimeter Secured Share feature is in use, including the name, size (nly available fr shared files), last mdified time, last shared time, and the lcatin and URL f each shared bject in SharePint, the user wh shares the bject, the user wh is shared the bject with, the permissin settings, and the expiratin time f each sharing event. T filter the sharing events with criteria, yu can use the search bx in the upper-right crner t search by the desired file names r use the Advanced Search feature t cnfigure multiple search cnditins. T use Advanced Search, refer t Advanced Search. 166

167 In the Manage Shared Files interface, yu can fllw the fllwing peratins t manage the shared bjects. Viewing Sharing Histry Viewing Dcument Usage Changing Shared Permissin Settings Remving Users Shared Permissins Viewing Sharing Histry T view all f the sharing events fr when a specific SharePint bject is shared with the same user in Manage Shared Files, cmplete the fllwing steps: 1. Select the crrespnding sharing event which cntains the desired bject in the NAME clumn and the user in the SHARED WITH clumn. 2. Click View Histry n the ribbn. The View Sharing Histry interface appears. 3. View the sharing histry in the View Sharing Histry interface. In the View Sharing Histry interface, yu can view the detail infrmatin f the sharing events that the selected bject is shared with the same user, including the user wh shared the bject, the user wh is shared with, the permissin settings, and the time f each shared event. The display pane f View Sharing Histry has a number f cnfigurable settings s that yu can custmize hw the sharing events are displayed by perfrming the fllwing peratins: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which events in the list are displayed based n the values in the Shared By clumn. Click the Open Menu ( ) buttn next t the clumn name SHARED BY, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding events shwn in the list. Srting the clumn T srt the events in the list, click the clumn name f the SHARED BY/PERMISSION LEVEL/TIME SHARED/EXPIRATION TIME/SHARE UPDATES clumn and then select t srt the events in ascending r descending rder. Search fr keywrds Filter the events by the keywrd in the desired internal user name within the SHARED BY clumn. Enter the desired keywrd in the text bx and click the search buttn. Advanced Search Search fr the events yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. 167

168 Viewing Dcument Usage Using the View Dcument Usage feature in Manage Shared Files, yu can view the usage f a specific shared file r all f the files included in a shared flder/library perfrmed by users via the AvePint Perimeter External Prtal, AvePint Pint Internal Prtal, and AvePint Perimeter mbile apps. T d this, cmplete the fllwing steps: 1. Select the crrespnding sharing event which cntains the desired file/flder/library in the NAME clumn. 2. Click View Dcument Usage n the ribbn. The Dcument Usage Tracking interface appears. In the Dcument Usage Tracking interface, yu can view the details f the selected user s activities n the selected shared file r the files in the selected shared flder/library, including the time, the user wh accessed the file, the actin perfrmed, the surce f the access, the platfrm, mdel and, perating system f the access pint, the brwser used by the user, the user s lcatin, and the shared file s URL in each activity. The display pane f Dcument Usage Tracking has a number f cnfigurable settings s that yu can custmize hw the activities are displayed by perfrming the fllwing peratins: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which activities in the list are displayed based n the values in the SHARED WITH/PLATFORM clumn. Click the Open Menu ( ) buttn next t the clumn names, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding events shwn in the list. Srting the clumn T srt the activities in the list, click the clumn name f THE TIME ACCESSED/SHARED WITH/ACTION clumn and then select t srt the events in ascending r descending rder. Changing Shared Permissin Settings T change the permissin settings in a specific sharing event, cmplete the fllwing steps: 1. Select the desired sharing event in the Manage Shared Files interface. 2. Click Change Permissins n the ribbn. The Change Permissins pp-up windw appears. 3. Edit the fllwing permissin settings f the sharing event: Permissin Level Select the desired permissin level fr the user with whm the bject has been shared frm the drp-dwn list. Fr details n selecting the permissin level, refer t Secured Share Permissin Levels. Expiratin Time Specify the expiratin time f this sharing. Enter an expiratin time in the text bx r select an expiratin date using the calendar. 168

169 Share Updates Select whether t share the updates f the shared bject with the user as well. 4. Click Save t save the changes t this sharing event, r click Cancel t exit this windw withut saving the changes. Secured Share Permissin Levels Refer t the sectin belw fr detailed infrmatin n the specific permissins included in each permissin level fr secured shared files/flders/libraries that are available in the Change Permissins pp-up windw. Permissin Level Read Only Dwnlad Edit Edit in Brwser Only Delete Permissin Open in Brwser Print Cpy & Paste Dwnlad Files Edit in Brwser Uplad New Files t Shared Flder/Library Re-uplad Mdified Files View Files with Watermark Delete Items *Nte: Only the files with the file types listed in the Supprted File Types fr Online Viewing n the AvePint Perimeter Internal Prtal and External Prtal sectin can be pened nline in the AvePint Perimeter External Prtal and Internal Prtal. If yu are abut t share a file r a flder/library that cntains files that cannt be pened nline, AvePint recmmends granting the users Dwnlad r Edit permissin level t ensure that the users can dwnlad the shared files. Remving Users Shared Permissins T remve a specific user s permissins fr a shared bject, cmplete the fllwing steps: 1. Select the crrespnding sharing event which cntains the desired bject in the NAME clumn and the user in the SHARED WITH clumn in the Manage Shared Files interface. 2. Click Remve Permissins n the ribbn. The cnfirmatin windw appears. 3. Click OK t remve the user s permissins fr the selected bject, r click Cancel t exit this windw withut remving the user s permissins. 169

170 If the user s permissins fr the selected bject have been remved, the user cannt access the cpy f this bject via the AvePint Perimeter External Prtal r AvePint Perimeter mbile apps. Custmizing the Size f the Online Read DWG File When a user pens a.dwg file in the AvePint Perimeter External Prtal/AvePint Perimeter mbile app, this.dwg file is autmatically cnverted int a.png image and then displayed in the viewing page. The default size fr f the cnverted.dwg image is 425 x 310 pixels. T change the size f the image, fllwing the steps belw: 1. G t the \bin\cnfig flder under the Manager installatin path. The default Manager installatin path is \Prgram Files\AvePint\Perimeter\Manager. 2. Open the AppSettings.cnfig file using Ntepad. 3. Set the values f the dwgcnvertpdfwidth and dwgcnvertpdfheight attributes t yur desired width and height f thecnverted.dwg file. Figure 8: Cnfiguring the values f the dwgcnvertpdfwidth and dwgcnvertpdfheight attributes. 4. Save the change and clse the file. 5. Repeat the same cnfiguratins in the AppSettings.cnfig file n the server with External Prtal and Gateway installed. 170

171 Reprt Menu In the Reprt menu, yu can view reprts f Access Pints, Access Lgs, Event Lgs, Access Vilatin Lgs, Access Warning Lgs, Burglar Alarm Reprt, and Daily Audit Tracking. These reprts prvide yu with detailed infrmatin n the access pints and lgin sessins t the SharePint sites managed by AvePint Perimeter. In additin, yu can reprt n the lgs generated by the Cntent Access Cntrl and Cntent Access Lgging features in Cntent Access Plicy, and the Burglar Alarm Rules feature. *Nte: In the Access Pints reprt, yu can view all f the access data managed by the AvePint Perimeter management system after the Cntent Access Plicy features are enabled n the SharePint sites. Perimeter keeps all access data fr 30 days in the Manager Cnfiguratin database. After 30 days, the data is autmatically deleted. Access Pints Access Pints reprt displays the event lgs based n the access pints t the SharePint sites managed by the AvePint Perimeter management system, including the access pint name, platfrm, mdel, perating system, registratin time, last lgin user, last lgin time and last lgin sessin duratin f each access pint. Viewing Access Pints Reprt The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Access Pints, the fllwing settings can be cnfigured in the reprt display pane: Access Lgs Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which items in the list are displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r descending rder based n THE REGISTRATION TIME/LAST LOGGED LOGIN/LAST SESSION DURATION (MINUTES) clumn by clicking the clumn name. View All Sessins Select the access pint in the reprt pane and click View All Sessins n the ribbn t jump t the Access Lgs page and view the details abut all f the lgin sessins f this access pint. Access Lgs reprt display all f the lgin sessin lgs fr the participating SharePint servers, including the sessin ID, username, start time and duratin f each lgin sessin and the platfrm, mdel, perating system, brwser, and lcatin and device name f the used device in the sessin. 171

172 Viewing Access Lgs The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Access Lgs, the fllwing settings can be cnfigured in the reprt display pane: Event Lgs Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which items in the list are displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r descending rder based n the START TIME/LAST ACTIVE TIME/DURATION (MINUTES) clumn by clicking the clumn name. Open menu ( ) Select the lgin sessin in the reprt pane, and click the pen menu buttn ( ), the Visited Cntent ptin appears. Click this ptin r click Visited Cntent n the ribbn t jump t the Event Lgs page t view the event lgs fr the lgin sessin. Event Lgs reprt displays the lgs f all end-user activities within the Perimeter management system, including: All the access t the SharePint cntent mnitred by the Cntent Access Lgging rule via any devices. All the lgin attempts (successful lgins and lgin failures) t the 2-factr authenticated SharePint sites via any devices. All the access t the cntent within the managed SharePint sites via AvePint Perimeter mbile apps. All the access t the files shared thrugh the AvePint Perimeter Secured Share feature and the Virtual Views feature via AvePint Perimeter External Prtal r AvePint Perimeter mbile apps. This reprt displays the sessin ID, http methd, start time, access pint name, username, accessed URL, activity, the surce f each cntent access, the platfrm and lcatin f the device/brwser used t access the cntent. Viewing Event Lgs The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Event Lgs, the fllwing settings can be cnfigured in the reprt display pane: 172

173 Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which item in the list is displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r descending rder based n the START TIME/LAST ACTIVE TIME/DURATION (MINUTES) clumn by clicking the clumn name. Advanced Search Search fr the items yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. Exprting Event Lgs T exprt the Event Lgs reprt, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw, and then click OK. Yur brwser will prmpt yu t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Access Vilatin Lgs Access Vilatin Lgs reprt display the lgs fr all cntent blcked by the Cntent Access Cntrl rules. In Access Vilatin Lgs, yu can view the time, access pint name, username, access pint s lcatin, access pint s platfrm, URL t access f each blcked cntent access, and the Cntent Access Cntrl rule affecting access. Viewing Access Vilatin Lgs The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Access Vilatin Lgs, the fllwing settings can be cnfigured in the reprt display pane: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which item in the list is displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r descending rder based n the START TIME f the access attempts by clicking the clumn name. Viewing Cntent Access Cntrl rule details T view the details f the Cntent Access Cntrl rule, click the link in the Cntent Access Cntrl Rule clumn. The Rule Details page appears. Yu can view the actin and criterin f this rule. Advanced Search Search fr the items yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. 173

174 Exprting Access Vilatin Lgs T exprt the Access Vilatin Lgs reprt, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw and then click OK. Yur brwser will ask if yu wuld like t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Access Warning Lgs Access Warning Lgs reprt displays the lgs fr all cntent that generated access warnings. In Access Warning Lgs, yu can view the time, access pint name, username, access pint s lcatin, access pint s platfrm, URL t access f each blcked cntent access, and the Cntent Access Cntrl rule affecting access. Viewing Access Warning Lgs The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Access Warning Lgs, the fllwing settings can be cnfigured in the reprt display pane: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which items in the list are displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r descending rder based n the START TIME f the access attempts by clicking the clumn name. Viewing Cntent Access Cntrl rule details T view details n the Cntent Access Cntrl rule, click the link in the Cntent Access Cntrl Rule clumn. The Rule Details page appears. Yu can view the actin and criterin f this rule. Advanced Search Search fr the items yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. Exprting Access Warning Lgs T exprt the Access Warning Lgs reprt, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw, and then click OK. Yur brwser will prmpt yu t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. 2-Factr Authenticatin Lgs The 2-Factr Authenticatin Lgs reprt displays all 2-factr authenticatin attempts t all 2-factr authenticated sites (bth SharePint n-premises sites and ADFS-authenticated sites) cntrlled by this 174

175 Perimeter management system. In ADFS-authenticated sites, the authenticatin attempts may als be cntrlled by the Authenticatin Cntrls rules cnfigured in Federatin Plicy. Fr mre infrmatin n Federatin Plicy, refer t Cnfiguring the Federatin Plicy. This reprt displays the authenticatin time, the URL t be accessed, status f each 2-factr authenticatin access attempt, username and lgin accunt f the end-user wh wants t access the 2- factr authenticated site, the platfrm, perating system, brwser/applicatin, lcatin infrmatin, lcatin cllectin exceptin and device name f the device used t access the site, the additinal Authenticatin Cntrl rule applied t the ADFS authenticated site, and the cmments abut the failed access attempt. Viewing 2-Factr Authenticatin Lgs The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr 2-Factr Authenticatin Lgs, the fllwing settings can be cnfigured in the reprt display pane: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which items in the list are displayed. Click the Open Menu ( ) buttn next t the clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding items shwn in the list. Srting the clumn Srt the items in the list in ascending r in descending rder based n the AUTHENTICATION TIME f the access attempts by clicking the clumn name. Search fr keywrds Filter the access attempt displayed by the keywrd yu designate. The keywrd must be cntained in a clumn value. Enter the desired keywrd in the text bx and click the search buttn. Advanced Search Search fr the items yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. Exprting 2-Factr Authenticatin Lgs T exprt the 2-Factr Authenticatin Lgs reprt, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw and then click OK. Yur brwser will ask if yu wuld like t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Burglar Alarm Reprt Burglar Alarm Reprt displays the lgs f all end-user activities that trigger Burglar Alarm rules applied n SharePint ndes within this AvePint Perimeter management system. Each triggered Burglar Alarm rule is listed in the Burglar Alarm Reprt interface, including the user wh triggers the rule, alarm type, rule name, applied scpe, time range f the rule, and the number f the events that trigger the rule. 175

176 Viewing Burglar Alarm Reprt The reprt display pane has a number f cnfigurable settings s that yu can custmize hw the reprt displays the data. Fr Burglar Alarm Reprt, the fllwing settings can be cnfigured in the reprt display pane: Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which recrds in the list are displayed. Click the Open Menu ( ) buttn next t the Username clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding recrds shwn in the list. Srting the clumn Srt the recrds in the list in ascending r in descending rder based n the START TIME r END TIME f the time range f the trigger rule by clicking the clumn name. Search fr keywrds Filter the recrds displayed by the keywrd yu designate. The keywrd must be cntained in a clumn value. Enter the desired keywrd in the text bx and click the search buttn. Advanced Search Search fr the recrds yu want t view with the criteria specified in Advanced Search. T use Advanced Search, refer t Advanced Search. View Details T view the detailed infrmatin n hw a particular user triggers a Burglar Alarm rule, select the recrd f the desired user and rule and click View Details n the ribbn. The View Details page appears, displaying the detailed infrmatin n the selected user s activities that triggered the selected Burglar Alarm rule during the user-defined time range. Exprting Burglar Alarm Reprt T exprt the Burglar Alarm Reprt, click Exprt n the ribbn, select yur desired data scpe fr the exprt reprt in the pp-up windw and then click OK. Yur brwser will ask if yu wuld like t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Daily Audit Tracking The Daily Audit Tracking reprt displays the number f each end-user s activities within a designated day r date range within the AvePint Perimeter management system, including detailed infrmatin f each activity. Viewing Daily Audit Tracking Reprt By default, the reprt display pane f Daily Audit Tracking displays the audit tracking recrds f all active end-users within the current day, including the user s username, user type, and number f events perfrmed by the user. Yu can custmize hw the reprt displays the data using the fllwing cnfigurable settings in the reprt display pane. 176

177 Manage Clumns Manage which clumns are displayed in the list using the Manage Clumns drp-dwn list, s that nly the infrmatin yu want t see is displayed. Filter the clumn Filter which recrds in the list are displayed. Click the Open Menu ( ) buttn next t the USERNAME clumn name, select the checkbxes in the drp-dwn menu, and click OK t have the crrespnding recrds shwn in the list. Srting the clumn Srt the recrds in the list in ascending r in descending rder based n USERNAME by clicking the clumn name. Search fr keywrds Filter the recrds displayed by the keywrd yu designate. The keywrd must be cntained in a clumn value. Enter the desired keywrd in the text bx and click the search buttn. Audit Filter Search fr the recrds yu want t view with the criteria specified in Audit Filter. T use Audit Filter, refer t Using the Audit Filter. View Details Using the View Details feature, yu can view the details f a selected audit tracking recrd, including each activity perfrmed by a particular user within the selected time range. Fr details, refer t Viewing Activity Histry. Using the Audit Filter In Daily Audit Tracking, yu can set filter criteria t extend r limit the recrds displayed in the reprt via the Audit Filter feature, by cmpleting the fllwing steps: 1. Click Audit Filter abve the Reprt Display pane t access the Audit Filter windw. 2. Filter by User Filter the recrds by user type and/r username/user access grup name. User Type Filter the recrds by user type. All Users Select this ptin t include all end-users in the reprt. Internal Select this ptin t nly include internal users in the reprt. External Select this ptin t nly include external users in the reprt. User/Grup Filter Filter the recrds by username/user access grup name within the users f the user type selected abve. Include All Users Select this ptin t all users f the user type(s) selected abve in the reprt. Specify users/user access grups t include Select this ptin t nly include designated users/user access grups in the reprt by entering the usernames/ grup names int the text bx r selecting the users/grups via the peple picker. Separate each user/grup name with semi-clns. 3. Filter by Date Range Filter the recrds by date range. T view the recrds within a day f the current week, select the ptin f the crrespnding day frm the drp-dwn list. 177

178 T custmize the date range f the recrds t be displayed in the reprt, select the Custm Date Range ptin and select a desired date range using the calendar. 4. Click Filter t apply the cnfigured filter criteria. All audit tracking recrds that meet the criteria are listed in the reprt. T reset all filter criteria, click Reset.T return t the viewing pane withut applying the filter criteria, click Cancel. Viewing Activity Histry T view the details f the audit tracking recrd f a designated user within the selected date range, cmplete the fllwing steps: 1. Select the crrespnding audit tracking recrd f the desired user in the Daily Audit Tracking interface. 2. Click View Details n the ribbn. The Activity Histry interface appears. In the Activity Histry interface, yu can view the detailed infrmatin f each activity included in the selected audit tracking recrd, including the accessed URL, lcatin, activity name, and time f each activity. T exprt the cntent in the Activity Histry interface click Exprt n the ribbn. Yur brwser will ask if yu wuld like t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Exprting Daily Audit Tracking Reprt T exprt the cntent displayed in the Daily Audit Tracking reprt, click Exprt n the ribbn. Yur brwser will ask if yu wuld like t pen r save the CSV file. Click Save r Save as t save it t a designated lcatin. Advanced Search In Usage Tracking, Event Lgs, Access Vilatin Lgs, Access Warning Lgs, 2-Factr Authenticatin Lgs, Burglar Alarm Reprt, Manage Enrlled Devices, Manage Shared Files, and View Sharing Histry, yu can filter the cntent yu want t view based n the criteria specified in Advanced Search. T use Advanced Search, cmplete the fllwing steps: 1. Click Advanced Search n the ribbn. The Advanced Search pp-up appears. 2. Cnfigure the search criteria fr the items yu want t view. Select the Level, Rule, Cnditin frm the crrespnding drp-dwn lists and enter a Value fr this rule. After cnfiguring a rule, click Add a Rule t add a new rule, r click the Remve buttn fllwing each rule t delete the rule. If 2 r mre rules are cnfigured, determine the lgical relatinship in the Cnditins text bx. There are tw lgic chices: And and Or. The default lgic is And. And Items that meet all f the rules will be displayed. 178

179 Or Items that meet any ne f the rules will be displayed. Yu can click Validate t check the syntax f the statement specified in the Cnditins text bx. 3. Click Search t search items based n the entered criteria, r click Reset t clear the current cnfiguratins and specify new search criteria. 179

180 Uninstalling AvePint Perimeter The AvePint Perimeter Uninstallatin Wizards guide yu thrugh the uninstallatin prcess. In rder t cmplete the uninstallatin successfully, the Uninstallatin Wizard must be run by a lcal administratr. Uninstalling AvePint Perimeter Manager T uninstall AvePint Perimeter Manager, cmplete the fllwing steps: 1. Open the Windws Start Menu n the AvePint Perimeter Manager server, and navigate t All Prgrams > AvePint Perimeter. 2. Open the Manager flder and click AvePint Perimeter Manager Uninstall. 3. If desired, select Remve Manager Cnfiguratin Database t remve the crrespnding Manager Cnfiguratin database during the Manager uninstallatin. 4. Click Uninstall Manager t start the uninstallatin prcess. 5. View the uninstallatin prcess via the prcess bar in the Perimeter Manager Uninstallatin Wizard. Once the uninstallatin cmpletes, click Finish t exit the uninstallatin wizard. *Nte: The applicatin pl created by AvePint Perimeter Manager Installatin is deleted during the Manager uninstallatin. *Nte: The SharePint audit events enabled via the SharePint Audit Settings feature in Perimeter Manager will nt be disabled during Manager uninstallatin. T disable the enabled SharePint audit events in a site cllectin, g t Site cllectin audit Settings f the site cllectin. Uninstalling External Prtal and Gateway T uninstall AvePint Perimeter External Prtal and Gateway frm a server, cmplete the fllwing steps: 1. Open the Windw Start Menu n the External Prtal and Gateway server and navigate t Cntrl Panel > Prgrams > Uninstall a prgram. 2. Lcate and right-click AvePint Perimeter Manager (External Prtal and Gateway) in the list. 3. Click Uninstall/Change t access the AvePint Perimeter External Prtal and Gateway Uninstallatin Wizard. 4. Click Uninstall External Prtal and Gateway t start the uninstallatin prcess. 5. View the uninstallatin prcess via the prcess bar in the AvePint Perimeter External Prtal and Gateway Uninstallatin Wizard. Once the uninstallatin cmpletes, click Finish t exit the uninstallatin wizard. *Nte: The applicatin pl created by AvePint Perimeter External Prtal and Gateway Installatin Wizard is deleted during the uninstallatin. 180

181 Uninstalling AvePint Perimeter WOPI Hst Server T uninstall AvePint Perimeter WOPI Hst Server frm a server, cmplete the fllwing steps: 1. Open the Windw Start Menu n the server where the WOPI Hst Server is installed and navigate t Cntrl Panel > Prgrams > Uninstall a prgram. 2. Lcate and right-click AvePint Perimeter Manager (WOPI Hst Server) in the list. 3. Click Uninstall/Change t access the AvePint Perimeter WOPI Hst Server Uninstallatin Wizard. 4. Click Uninstall WOPI Hst Server t start the uninstallatin prcess. 5. View the uninstallatin prcess via the prcess bar in the AvePint Perimeter WOPI Hst Server Uninstallatin Wizard. Once the uninstallatin cmpletes, click Finish t exit the uninstallatin wizard. *Nte: The applicatin pl created by AvePint Perimeter WOPI Hst Server Installatin Wizard is deleted during the uninstallatin. Uninstalling AvePint Perimeter Agents Prir t uninstalling AvePint Perimeter Agents, ensure that the Agent is nt running any jbs. If an Agent is running a jb, the Agent will fail the currently running jb and stp the currently running prcesses. T uninstall AvePint Perimeter Agent, cmplete the fllwing steps: 1. Open the Windws Start Menu n the AvePint Perimeter Agent server, and navigate t All Prgrams > AvePint Perimeter. 2. Open the Agent flder and click AvePint Perimeter Agent Uninstall. 3. Click Uninstall Agent t start the uninstallatin prcess. 4. View the uninstallatin prcess via the prcess bar in the AvePint Perimeter Agent Uninstallatin Wizard. Once the uninstallatin cmpletes, click Finish t exit the uninstallatin wizard. Uninstalling the AvePint Perimeter App frm Yur Device Fr infrmatin n uninstalling the AvePint Perimeter app frm yur ios/andrid/windws Phne device, refer t yur device s instructin manual. 181

182 Appendix A: Publishing the External Prtal and Gateway Yu can publish the External Prtal and Gateway t the Internet thrugh ne f tw methds: publishing the External Prtal and Gateway directly t the Internet using prt mapping, r publishing the External Prtal and Gateway t the Internet via reverse prxy. AvePint recmmends the latter ptin (publishing the External Prtal and Gateway via reverse prxy) t prvide additinal system security. Publishing the External Prtal and Gateway Directly T publish the External Prtal and Gateway directly t the Internet, cnfigure prt mapping between the public URL and the internal URL n the ruter. The ruter will frward all f the requests t the public URL, and users can then access the External Prtal and Gateway using the public URL. Publishing the External Prtal and Gateway via Reverse Prxy T publish the External Prtal and Gateway via reverse prxy, yu need a reverse prxy server that is mapped t the public URL that can frward requests frm the public URL t the back-end External Prtal and Gateway server. The fllwing sectins explain hw t publish the External Prtal and Gateway via reverse prxy accrding t Micrsft s guidelines, which may differ frm yur rganizatin s best practices. Cnfiguring the Reverse Prxy fr the External Prtal and Gateway Overview T prperly cnfigure the reverse prxy fr the External Prtal and Gateway, cmplete the fllwing steps in the rder shwn. Click the link t jump t the crrespnding sectin. 1. Installing Applicatin Request Ruting Feature and URL Rewrite Feature 2. Creating the Reverse Prxy s Website and Mdifying the Web.cnfig File 3. Disabling IIS Cmpressin 4. Exprting and Imprting the AvePint Perimeter Certificate Installing Applicatin Request Ruting Feature and URL Rewrite Feature Applicatin Request Ruting feature and the URL Rewrite feature must be installed n the prxy server. Applicatin Request Ruting feature is a prerequisite fr URL Rewrite. Yu can dwnlad it frm this site. After the installatin f Applicatin Request Ruting, cmplete the steps belw t cnfigure this feature in Internet Infrmatin Services (IIS) Manager: 1. Restart IIS after the installatin. 2. Navigate t Internet Infrmatin Services (IIS) Manager. 182

183 3. In the Cnnectins pane, click the server nde. 4. In the Hme pane, duble-click Applicatin Request Ruting Cache under the IIS categry. 5. In the Actins pane, select Server Prxy Settings. 6. Make sure the Enable prxy ptin is selected, s that any request in the server rewritten t a server that is nt a lcal machine will be ruted t the crrect place autmatically withut any further cnfiguratins. T install URL Rewrite and ensure cmpatibility, AvePint recmmends using Web Platfrm Installer 3.0 t install URL Rewrite autmatically. After URL Rewrite installs, yu can find this feature in the Windws Internet Infrmatin Services (IIS) Manager. N further cnfiguratins n URL Rewrite feature is required. Creating the Reverse Prxy s Website and Mdifying the Web.cnfig File T create the reverse prxy s IIS website and mdify the Web.cnfig file, cmplete the fllwing steps: 1. Create a new IIS website n the prxy server using the https binding. 2. Navigate t the physical path f the newly created IIS website, create a blank Web.cnfig file, and pen the file using Ntepad. 3. Mdify the file: If the newly created IIS website is a rt site withut a sub-path, fr example: mdify the Web.cnfig file as shwn belw: i. Cpy and paste the fllwing cnfiguratin infrmatin t the file. <?xml versin="1.0" encding="utf-8"?> <cnfiguratin> <system.webserver> <rewrite> <rules> <rule name="reverseprxyinbundrule1" stpprcessing="true"> <match url="(.*)" /> <cnditins> <add input="{cache_url}" pattern="^(https?)://" /> </cnditins> <actin type="rewrite" url="{c:1}://<ip address>:<prt>/{r:1}" /> </rule> </rules> </rewrite> <urlcmpressin dstaticcmpressin="false" ddynamiccmpressin="false" /> </system.webserver> </cnfiguratin> 183

184 ii. Change the values in <ip address>:< prt> t the IP address f the External Prtal and Gateway server and the Manager Service prt, respectively. iii. Save the mdificatins and then clse the file. If the newly created IIS website is a sub-site with a sub-path, fr example: perimeter, mdify the Web.cnfig file as shwn belw: i. Cpy and paste the fllwing cnfiguratin infrmatin t the file. <?xml versin="1.0" encding="utf-8"?> <cnfiguratin> <system.webserver> <rewrite> <utbundrules> <rule name="rewriterelativepaths" precnditin="ishtml"> <match filterbytags="a, Area, Base, Frm, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^/(.*)" negate="false" /> <actin type="rewrite" value="/perimeter/{r:1}" /> </rule> <rule name="rewriteredirect" precnditin="ishtml"> <match servervariable="response_lcatin" pattern="^/(.*)" /> <actin type="rewrite" value="/perimeter/{r:1}" /> </rule> <precnditins> <precnditin name="ishtml"> <add input="{response_content_type}" pattern="^text/html" /> </precnditin> </precnditins> </utbundrules> <rules> <rule name="reverseprxyinbundrule1" stpprcessing="true"> <match url="(.*)" /> <cnditins> <add input="{cache_url}" pattern="^(https?)://" /> </cnditins> <actin type="rewrite" url="{c:1}://<ip address>:< prt>/{r:1}" /> </rule> </rules> </rewrite> <urlcmpressin dstaticcmpressin="false" ddynamiccmpressin="false" /> </system.webserver> </cnfiguratin> 184

185 Disabling IIS Cmpressin ii. Change the values in < ip address>:< prt> t the IP address f the External Prtal and Gateway server and the Manager Service prt, respectively. iii. Save the mdificatins and then clse the file. T disable the IIS Cmpressin feature f bth the External Prtal and Gateway s website and the reverse prxy s website, cmplete the fllwing steps: 1. Navigate t the Internet Infrmatin Service (IIS) Manager f the server where the External Prtal and Gateway s website resides. 2. Select the website f the External Prtal and Gateway in the left pane, and duble-click Cmpressin in the IIS sectin f the right pane t cnfigure the Cmpressin feature. Figure 9: The Cmpressin icn. 185

186 3. In the Cmpressin page, deselect the Enable dynamic cntent cmpressin checkbx and the Enable static cntent cmpressin checkbx, and click Apply. This disables the Cmpressin feature f the External Prtal and Gateway s website. Figure 10: Cnfiguring cmpressin settings. 4. Navigate t the Internet Infrmatin Service (IIS) Manager f the server where the reverse prxy s website resides. 5. Select the website f the reverse prxy in the left pane, and duble-click Cmpressin in the IIS sectin f the right pane t cnfigure the Cmpressin feature. 6. In the Cmpressin page, deselect the Enable dynamic cntent cmpressin checkbx and the Enable static cntent cmpressin checkbx, and click Apply. This disables the Cmpressin feature f the reverse prxy s website. Exprting and Imprting the AvePint Perimeter Certificate T exprt the External Prtal and Gateway s website certificate and imprt it int the prxy server, cmplete the fllwing steps: 1. Navigate t the Internet Infrmatin Site (IIS) Manager and click the lcal hst in the left pane. 2. Click Sites t view all f the websites n this server and right-click n the External Prtal and Gateway s website. 3. Click Edit Bindings in the menu. 186

187 4. The Site Bindings pp-up windw appears. Click Edit t pen the Edit Site Bindings windw. Figure 11: The Site Bindings pp-up windw. 5. In the Edit Site Bindings windw, select the certificate fr AvePint Perimeter and click View t pen the Certificate windw. 6. G t the Details tab and click Cpy t File t exprt the cer. file. The Certificate Exprt Wizard appears. 187

188 Figure 12: The Certificate Windw Cpy t File... buttn. 7. In the welcme page f this wizard, click Next. 8. In the Exprt Private Key page, select N, d nt exprt the private key, and click Next. 9. In the Exprt File Frmat page, select DER encded binary X.509 (.CER), and click Next. 10. In the File t Exprt page, enter the name f the file yu are abut t exprt, and click Next. 11. Click Finish. A pp-up windw appears, infrming yu that the exprt successfully cmpleted. 12. Imprt the exprted certificate file int the prxy server. 13. Navigate t the prxy server. 14. Click Run... frm the Start menu. 15. Enter mmc in the Open text bx. Then click OK. The Cnsle page appears. 16. Click Add/Remve Snap-in in the File menu. The Add r Remve Snaps-ins windw appears. 188

189 17. Select Certificates frm the Available Snaps-ins list and click Add. The Certificate snap-in windw appears. Figure 13: The Add r remve Snap-ins windw. 18. In the Certificate snap-in page, select Cmputer accunt, and click Next. 19. In the Select Cmputer page, select Lcal Cmputer: (the cmputer this cnsle is running n), and click Finish. The Certificates snap-in appears in the Selected snap-ins list. 20. Click OK n the Add r Remve Snaps-ins page. 21. Click Certificates (Lcal Cmputer) under the Cnsle Rt. 22. Expand the Trusted Rt Certificate Authrities flder t lad the Certificate flder. 189

190 23. Right-click n the Certificates flder, and select All Tasks> Imprt n the menu. Figure 14: Selecting All Tasks > Imprt 24. Click Next n the welcme page f the Certificate Imprt Wizard. 25. In the File t Imprt page, enter the file name f the exprted certificate file fr the External Prtal and Gateway s website, and click Next. 26. In the Certificate Stre page, select Place All Certificates in the fllwing stre. 27. Select Trusted Rt Certificatin Authrities in the Certificate stre text bx, and click Next. 28. Click Finish n the Cmpleting Certificate Imprted Wizard page. The External Prtal and Gateway s certificate is imprted t the reverse prxy server. Verifying the External and Gateway Server Certificate The AvePint Perimeter mbile app cmmunicates with AvePint Perimeter Manager via the Gateway. The server certificate n the External and Gateway server r reverse prxy (if the External and Gateway is published via reverse prxy) shuld be a valid certificate btained frm a cmmercial certificate authrity. A self-signed certificate can be used as well, althugh it is nt recmmended. The AvePint Perimeter mbile app supprts imprting a self-signed server certificate during device enrllment. 190

191 By default, during the Manager Installatin, a default self-signed certificate with the current hst name is already deplyed fr the AvePint Manager and Gateway. The certificate will wrk fr AvePint Manager, but may nt be valid fr the Gateway due t stricter server certificate validatin n the AvePint Perimeter mbile app. The AvePint Manager Installatin Wizard generates and deplys a default server certificatin fr the Gateway. Figure 15: Prtal and Gateway Server Certificate. 191

192 Figure 16 displays the Certificate Infrmatin page fr the Gateway Server Certificate. Figure 16: Certificate Infrmatin page fr the Prtal and Gateway Server Certificate. l 192

193 Appendix B: AvePint Perimeter and Lcatin Data See the FAQ belw fr details n hw Perimeter handles lcatin data. Hw is the Lcatin Services feature used? Frm an end-user perspective, Perimeter uses the Lcatin Services feature either in the user s device, r in their brwser. In either case, the user usually pts int Perimeter wrking with this service. The Lcatin Services feature actually determines hw the lcatin is acquired (GPS, Wi-Fi, etc.) alng with its accuracy, and the Perimeter app simply receives the final results. The user may nt knw they ve pted int this, r, if the device is under rganizatin cntrl, the setting may be cnfigured thrugh a central plicy. What lcatin data is btained and when is it btained? The lcatin data itself is generally just latitude and lngitude (2 crdinates), and is nly btained when: 1. The applicatin is used t authenticate the user (scan the QR cde). 2. The user pens (accesses) a dcument stred in the applicatin. What des Perimeter d with the lcatin data? The lcatin data (just the crdinates) is sent t the Perimeter server nly; n data is sent t a 3 rd party service. In shrt, user lcatin data is either n the device, r with the custmer s Perimeter installatin. Once the data is n the server, it becmes part f the audit lg. In the audit lg, it shws the user, device, brwser, etc. alng with the lcatin. Hw lng des Perimeter keep the lcatin data? The lcatin data is autmatically deleted frm the database 30 days after it was initially btained. Hw d I secure this data n the backend? It is up t yu, the custmer (Perimeter Administratr), t make sure this data is secure, as it can be used t track user mvement. Hw the data is stred, and wh has access t it, is an rganizatinal decisin. 193

194 Appendix C: Custmizing AvePint Perimeter Templates, Display Language, Web Pages, and Prtals After AvePint Perimeter Manager and Agents are installed n yur envirnment, refer t the sectins belw t custmize templates and Web pages prvided by the Perimeter system, and the lk and feel f the Perimeter Internal and External Prtals: Custmizing Templates Custmizing Display Language Custmizing the Lk and Feel f Web Pages Custmizing the Lk and Feel f the Perimeter Management Cnsle and Internal Prtal Custmizing Templates Fr AvePint Perimeter, yu can custmize the fllwing templates: Fr the fllwing templates, yu can custmize the lg image (area 1), text in the bdy (area 3), and lk and feel f the tp bar (area 2), bdy (area 3), and bttm bar (area 4) as shwn in Figure 17 belw. AvePint Perimeter Outging Settings AvePint Perimeter Device Enrllment AvePint Perimeter -- Access Warning Scheduled Reprt AvePint Perimeter -- Access Warning Real-Time Reprt AvePint Perimeter -- Access Vilatin Scheduled Reprt AvePint Perimeter -- Access Vilatin Real-Time Reprt AvePint Perimeter External Prtal - Accunt Activatin AvePint Perimeter External Prtal - Reset Passwrd Cnfirmatin AvePint Perimeter Secured Share Ntificatin AvePint Perimeter Shared Virtual View AvePint Perimeter: Shared File Update AvePint Perimeter: Shared File Has Been Dwnladed AvePint Perimeter: Secure Sharing Permissins Overwritten Actin Needed: Files Lcked fr Editing 194

195 AvePint Perimeter License Expiratin Alert Burglar Alarm: Suspicius Activity Alert Figure 17: templates with lg image, text, and lk and feel that can be custmized. Fr the template fr the custmized ntificatins sent fr Enterprise Wipe (shwn in Figure 18 belw), yu can custmize the lg image (area 1), text in the bdy (area 4), and lk and feel f the tp bar (area 2), bdy (areas 3 and 4), and bttm bar (area 5). *Nte: The subject and bdy text (in area 3) f this ntificatin cannt be custmized in the template since they shuld be entered by the administratr 195

196 wh perfrms the Enterprise Wipe actin n a device in the Manage Enrlled Devices interface. Figure 18: An ntificatin sent fr Enterprise Wipe Refer t the sectins belw t custmize the text, lg image, and lk and feel f templates. Custmizing the Lg Image f Templates Yu can custmize the lg image used in all f the templates by cmpleting the fllwing steps: 1. Navigate t the AvePint Perimeter Manager server and g t \Perimeter\Manager\Cntent\themes\base\images directry. 2. Lcate the lg_withut_prtal_230x60.png lg image file t view the dimensins f the lg image. 3. Resize the new image yu want t use as the lg image in all f the templates t the same size as the riginal image, and save it as lg_withut_prtal_230x60.png. 4. Place the newly-cnfigured image int the same directry as the riginal image and replace it n the Manager server, External Prtal and Gateway server, and the WOPI Hst Server. *Nte: Yu must save the riginal image t anther lcatin, if yu want t use the image in the future. The custmized lg image will be used in all f the templates. Custmizing Text and Link URL f the Text in Templates Yu can custmize the text in template and als yu can change the link URL f the text, such as the URL fr Learn Mre and Cntact AvePint. Cmplete the steps belw t custmize the text and the link URL: 1. Lg int the AvePint Perimeter Manager server and navigate t the Resurces flder under the installatin path f the AvePint Perimeter Manager. 196

197 2. Cpy the _cre.en-us.resx file, paste it int the same directry, and rename it as custmized_ _cre.en-us.resx. 3. Open the custmized_ _cre.en-us.resx file with Visual Studi (recmmended) r Ntepad. 4. Edit the desired text fr the crrespnding template in this file. 5. When yu finish editing this file, save the mdificatins and clse the file. 6. Cpy this custmized RESX file t same flder under the installatin path f the External Prtal and Gateway server and the WOPI Hst Server. 7. If yu want t change the link URL fr Learn Mre r Cntact AvePint (the riginal name prvided by AvePint), cntinue with the steps belw; therwise, g t step Navigate t the \bin\cnfig flder under the installatin path f Perimeter Manager. 9. Open the appsettings.cnfig file using Ntepad. 10. Lcate the fllwing ndes, and replace the link URLs as desired: <add key="learnmre" value=" /> <add key="cntactus" value=" /> 11. Save the cnfiguratins and clse the AppSettings.cnfig file. 12. Repeat the same cnfiguratins n the External Prtal and Gateway server and the WOPI Hst Server. 13. Restart AvePint Perimeter and AvePint Perimeter External Prtal and Gateway IIS websites, r reset IIS. The custmized text and the link URL will be applied in the crrespnding s. Custmizing the Lk and Feel f Templates The lk and feel f templates within the Perimeter system is defined by CSS style cdes in HTML files. These HTML files are stred in the \Views\ Templates directry n the Perimeter Manager server, External Prtal and Gateway server, and WOPI Hst Server. The lk and feel f the tp and bttm bars in every template is the same, which is defined in the CSS style cdes that are stred in the HTML file named Layut Template.html. The lk and feel f the bdy in each individual template is defined by CSS style cdes that are stred in separate HTML files as listed in the table belw. Template AvePint Perimeter Device Enrllment AvePint Perimeter Outging Settings AvePint Perimeter -- Access Warning Scheduled Reprt HTML File EnrllTemplate.html Outging .html WarningScheduleTemplate.html 197

198 Template AvePint Perimeter -- Access Warning Real-Time Reprt AvePint Perimeter -- Access Vilatin Scheduled Reprt AvePint Perimeter -- Access Vilatin Real-Time Reprt AvePint Perimeter External Prtal - Accunt Activatin AvePint Perimeter External Prtal - Reset Passwrd Cnfirmatin AvePint Perimeter Secured Share Ntificatin AvePint Perimeter Shared Virtual View AvePint Perimeter: Shared File Update (sent fr updated shared bjects frm SharePint) AvePint Perimeter: Shared File Update (sent fr updated r upladed shared bjects frm the AvePint Perimeter External Prtal) AvePint Perimeter: Shared File Has Been Dwnladed AvePint Perimeter: Secure Sharing Permissins Overwritten Actin Needed: Files Lcked fr Editing Burglar Alarm: Suspicius Activity Alert ntificatin sent fr Enterprise Wipe HTML File WarningPrmptTemplate.html VilatinScheduleTemplate.html VilatinPrmptTemplate.html Register Template.html ResetPasswrdTemplate.html Share Template.html VirtualViewShare Template.ht ml ShareUpdate Template.html UpladOrEditFileTemplate.html UpladOrEditFileTemplate.html ShareOverWrite Template.html LckStatusAlert Template.html BurglarAlarmNtificatin Templ ate.html EnterpriseWipe .html T custmize the lk and feel f an template s bdy, tp bar r bttm bar, yu can custmize the CSS style cdes in the crrespnding HTML file. 1. G t the \Perimeter\Manager\Views\ Templates directry n the Perimeter Manager server. 2. Find the HTML file that cntains the CSS style cdes fr the template s whse lk and feel yu want t custmize, and pen it using Ntepad. 3. Edit the CSS style cdes in the HTML file. 4. Save the changes and clse the file. 5. G t the External Prtal and Gateway server and WOPI Hst Server and cpy the HTML file yu cnfigured t the View\ Templates flder under the installatin directry t replace the existing file. 198

199 The custmized lk and feel will be applied t the crrespnding templates. Custmizing the Display Language By default, the language in which the is displayed will be the same as the language f the server where Perimeter Manager is installed. Hwever, yu can custmize the display language f s in a cnfiguratin file. T custmize the display language, cmplete the steps belw: 1. Lg int the server where AvePint Perimeter Manager is installed, and g t the \AvePint\Perimeter\Manager\bin\Cnfig directry. 2. Open the AppSettings.cnfig file with Ntepad. 3. Add the fllwing nde t the cnfiguratin file, and set the value. <add key="languagefr " value="french"/> *Nte: The valid value ptins available are English, Japanese, German, French, r Italian. 4. Save and clse the AppSettings.cnfig file. Custmizing the Lk and Feel f Web Pages On the AvePint Perimeter Agent servers, yu can custmize the lk and feel f certain Web pages. Refer t the table belw fr detailed infrmatin f the Web pages yu can custmize, including the lcatins and file name fr their ASPX files, CSS files and pictures: Agent Type Web page ASPX File Lcatin Agent fr 2-Factr Authenticatin.a SharePint Authenticatin spx in the npremises Perimeter flder under the installatin path f the AvePint Perimeter Agent Access Warning Warning.aspx in the Perimeter flder under the CSS File Lcatin auth.css in the Perimeter\Cnten t flder under the installatin path f the AvePint Perimeter Agent warning.css in the Perimeter\Cnten Picture Name placehlder.png and tpbar.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent placehlder.png, tpbar.png, warning.png, and 199

200 Agent Type Web page ASPX File Lcatin installatin path f the AvePint Perimeter Agent Access Vilatin Authenticatin Fail Clse Access Fail Clse Blcked.aspx in the Perimeter flder under the installatin path f the AvePint Perimeter Agent AuthNFailedCls e.aspx in the Perimeter flder under the installatin path f the AvePint Perimeter Agent AccessFailedCls e.aspx in the Perimeter flder under the installatin path f the AvePint Perimeter Agent CSS File Lcatin t flder under the installatin path f the AvePint Perimeter Agent vilatin.css in the Perimeter\Cnten t flder under the installatin path f the AvePint Perimeter Agent vilatin.css in the Perimeter\Cnten t flder under the installatin path f the AvePint Perimeter Agent vilatin.css Picture Name warning_24x24.pn g in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent placehlder.png, tpbar.png, vilatin.png, and errr_24x24.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent placehlder.png, tpbar.png, vilatin.png, and errr_24x24.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent placehlder.png, tpbar.png, vilatin.png, and errr_24x24.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent 200

201 Agent Type Web page ASPX File Lcatin Agents fr 2-Factr MFASignIn.aspx ADFS Authenticatin in the Perimeter Servers flder under the installatin path f the AvePint Perimeter Agent Authenticatin Vilatin Blcked.aspx in the Perimeter flder under the installatin path f the AvePint Perimeter Agent CSS File Lcatin auth.css vilatin.css Picture Name placehlder.png and tpbar.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent placehlder.png, tpbar.png, vilatin.png, errr_24x24.png in the Perimeter\Cntent \Images flder under the installatin path f the AvePint Perimeter Agent Refer t the sectins belw t custmize the lk and feel f Web pages by editing the CSS files n the AvePint Perimeter Agent servers. Custmizing the Lk and Feel f Web Pages fr SharePint On-Premises Sites Refer t the sectin belw t custmize the lk and feel f Web pages fr SharePint n-premises sites by editing the CSS files. 1. Navigate t the Perimeter\Cntent flder under the installatin path f the AvePint Perimeter Agent. 2. Cpy the crrespnding CSS file fr the desired Web page (fr example, cpy the auth.css file fr the Web page fr 2-Factr Authenticatin), paste it int the same directry, and rename it as custmized_riginal file name.css, which is custmized_authn.css in this case. 3. Navigate t the Cntent flder under the installatin path f the AvePint Perimeter Agent, and pen the crrespnding ASPX file (Authenticatin.aspx in this case) fr the Web page yu want t edit using yur brwser. 4. Press F12 t pen the develper tl f yur brwser. 201

202 5. Use the develper tl t lcate and edit the elements yu want t custmize fr this Web page. 6. When yu finish custmizing this Web page, save the mdificatins and clse the page. The custmized settings will be applied t the crrespnding Web page. Custmizing the Lk and Feel f Web Pages fr ADFS Authenticated Sites Refer t the sectin belw t custmize the lk and feel f Web pages fr ADFS Authenticated sites by editing the CSS files. 1. Navigate t the ADFS\Cntent flder under the installatin path f the AvePint Perimeter Agent. 2. Cpy the crrespnding CSS file fr the desired Web page (fr example, cpy the auth.css file fr the Web page fr 2-Factr Authenticatin), paste it int the same directry, and rename it as custmized_riginal file name.css, which is custmized_authn.css in this case. 3. Navigate t the ADFS flder under the installatin path f the AvePint Perimeter Agent, and pen the crrespnding ASPX file (MFASignIn.aspx in this case) fr the Web page yu want t edit using yur brwser. 4. Press F12 t pen the develper tl f yur brwser. 5. Use the develper tl t lcate and edit the elements yu want t custmize fr this Web page. 6. When yu finish custmizing this Web page, save the mdificatins and clse the page. The custmized settings will be applied t the crrespnding Web page. Custmizing Pictures in Web Pages Refer t the sectin belw t custmize a picture in a designated Web page. Custmizing Pictures in Web Pages fr SharePint On-Premises Sites Refer t the sectin belw t custmize a picture in a desired Web page fr SharePint n-premises sites: 1. Navigate t the Perimeter\Cntent\Images flder under the installatin path f the AvePint Perimeter Agent. 2. Get the dimensins f the picture yu want t replace. Fr example, tpbar.png. 3. Resize the new picture yu want t put int the Web page t the same size as the riginal picture, and save it as custmized_rginial file name.png. (fr example, custmized_ tpbar.png in this case) 4. Place the newly-cnfigured picture int the same directry as the riginal picture. The custmized picture will be display in the crrespnding Web page. 202

203 Custmizing Pictures in Web Pages fr ADFS Authenticated Sites Refer t the sectin belw t custmize a picture in a desired Web page fr ADFS Authenticated Sites: 1. Navigate t the ADFS\Cntent\Images flder under the installatin path f the AvePint Perimeter Agent. 2. Get the dimensins f the picture yu want t replace. Fr example, tpbar.png. 3. Resize the new picture yu want t put int the Web page t the same size as the riginal picture, and save it as custmized_rginial file name.png. (Fr example, custmized_ tpbar.png in this case.) 4. Place the newly-cnfigured picture int the same directry as the riginal picture. The custmized picture will be display in the crrespnding Web page. *Nte: All f the custmized settings will be verwritten during a patch installatin r update f AvePint Perimeter. Please make backups f yur custmized templates and Web pages t restre them after the patch installatin r update. Custmizing the Lk and Feel f the Perimeter Management Cnsle and Internal Prtal Lgin Page On AvePint Perimeter Manager server, yu can define yur wn Perimeter lg and the lk and feel fr the lgin page f the Perimeter Management Cnsle and Internal Prtal. Refer t the table belw fr detailed infrmatin f the custmizable elements n Perimeter Management Cnsle and Internal Prtal including the file names and lcatins. Element Lg in the Lgin interface f Management Cnsle and Internal Prtal: File Type PNG File Lcatin The lg_420x73.png file in the \AvePint\Perimeter\Manager\C ntent\themes\base\images directry. File Size Graphic displayed in the Lgin interface f Management Cnsle and Internal Prtal: PNG The lgin_460x350_en.png file in the \AvePint\Perimeter\Manager\C ntent\themes\base\images directry

204 Element File Type File Lcatin File Size Internal Prtal Lg PNG The lg_ internal_prtal_300x70.png file in the \AvePint\Perimeter\Manager\C ntent\images\prtal directry. The CSS file f the Lgin page CSS The Lgin.css file in the \AvePint\Perimeter\Manager\C ntent\themes\base\styles directry Cmplete the steps belw t replace the crrespnding file t custmize the lk and feel fr Perimeter Management Cnsle and Internal Prtal: 1. G t the crrespnding file lcatin f the file yu want t replace. Back up the file t a safe place and then remve it frm the file lcatin. 2. Place the file that yu want t use t the file lcatin with the same name f same size. 204

205 Custmizing the Lk and Feel f the Perimeter External Prtal Lgin Page On the server with Perimeter External Prtal and Gateway installed, yu can define yur wn Perimeter lg and the lk and feel fr the lgin page f the Perimeter External Prtal. Refer t the table belw fr detailed infrmatin f the custmizable elements n Perimeter External Prtal including the file names and lcatins. Element File Type File Lcatin File Size Lg in the Lgin interface f Perimeter External Prtal: PNG The lg_420x73.png file in the \AvePint\Perimeter\GatewayPrtal \Cntent\themes\base\images directry Graphic displayed in the Lgin interface f External Prtal: PNG The lgin_460x350_en.png file in the \AvePint\Perimeter\GatewayPrtal \Cntent\themes\base\images directry External Prtal Lg PNG The lg_external_prtal_300x70.png file in the \AvePint\Perimeter\GatewayPrtal \Cntent\Images\Prtal directry The CSS file f the Lgin page CSS The Lgin.css file in the \AvePint\Perimeter\GatewayPrtal \Cntent\themes\base\styles directry. Cmplete the steps belw t replace the crrespnding file t custmize the lk and feel fr Perimeter External Prtal: 1. G t the crrespnding file lcatin f the file yu want t replace. Back up the file t a safe place and then remve it frm the file lcatin. 2. Place the file that yu want t use t the file lcatin with the same name f same size. 205